The Web Server certificate used in Kaspersky Security Center Linux is required for publishing Network Agent installation packages that you subsequently download to managed devices, as well as for publishing iOS MDM profiles, iOS apps, and Kaspersky Endpoint Security for Mobile installation packages. Depending on the current application configuration, various certificates can function as the Web Server certificate (for more detail, see About Kaspersky Security Center Linux certificates).
You may need to reissue the Web Server certificate to meet the specific security requirements of your organization or to maintain continuous connection of your managed devices before starting to upgrade the application. Kaspersky Security Center Linux provides two ways of reissuing the Web Server certificate; the choice between the two methods depends on whether you have mobile devices connected and managed through the mobile protocol (i.e., by using the mobile certificate).
If you have never specified your own custom certificate as the Web Server certificate in the Web Server section of the Administration Server properties window, the mobile certificate acts as the Web Server certificate. In this case, the Web Server certificate reissuance is performed through the reissuance of the mobile protocol itself.
To reissue the Web Server certificate when you have any mobile devices managed through the mobile protocol:
In the main menu, click the settings icon () next to the name of the required Administration Server.
The Administration Server properties window opens.
On the General tab, select the Web Server section.
In the Over HTTP subsection, select the Specify another certificate option and click the Change certificate button.
In the window that opens, in the Certificate type field select the type of your certificate:
If you have selected PKCS #12 container, click the Browse button next to the Certificate field and specify the certificate file on your hard drive. If the certificate file is password-protected, enter the password in the Password (if any) field.
If you have selected X.509 certificate, click the Browse button next to the Private key field and specify the private key on your hard drive. If the private key is password-protected, enter the password in the Password (if any) field.
Click the Save button, then click OK.
The window is closed.
If necessary, in the Web Server HTTPS port field change the number of the HTTPS port for Web Server and click the Save button.
The Web Server certificate is reissued.
To reissue the Web Server certificate when you have no mobile devices managed through the mobile protocol:
In the main menu, click the settings icon () next to the name of the required Administration Server.
The Administration Server properties window opens.
On the General tab, select the Certificates section.
If you plan to continue using the certificate issued by Kaspersky Security Center, do the following:
Select the Certificate issued through Administration Server option and click the Browse button.
In the window that opens, in the Connection address and Activation term groups of settings, select the relevant options and click OK.
Alternatively, if you plan to use your own custom certificate, do the following:
Select the Other certificate option, click the Manage certificate button, and then in the window that opens, click the Browse button.
In the window that opens, in the Certificate type field select the type of your certificate:
If you have selected PKCS #12 container, click the Browse button next to the Certificate field and specify the certificate file on your hard drive. If the certificate file is password-protected, enter the password in the Password (if any) field.
If you have selected X.509 certificate, click the Browse button next to the Private key field, and specify the private key on your hard drive. If the private key is password-protected, enter the password in the Password (if any) field.
Click the Save button, then click OK.
The mobile certificate is reissued to be used as the Web Server certificate.