You can integrate the issuance of certificates with Microsoft Certification Authority (CA) via Public Key Infrastructure (PKI). Integration with PKI is intended for simplifying the issuance of domain user certificates by Administration Server. Following integration, certificates are issued automatically.
You can perform the PKI integration with specified settings and assign PKI to act as the source of certificates for specific types of certificates. The PKI integration settings allow you to set the individual default template for all types of certificates.
The specifics of using PKI integration to issue certificates:
PKI integration is disabled by default. For detailed information on enabling PKI and configuring its settings, refer to the Kaspersky Secure Mobility Management Help.
The certificate issuance is carried out using Network Agent Windows, which enables the integration between Administration Server and Microsoft CA. Since there can be multiple devices with Network Agent installed, you can specify the device that will connect to Microsoft CA in the Issuance rules. This device must have an Enrollment Agent (EA) certificate installed in the certificates repository of the account under which the integration with PKI is performed. The certificate is issued by the administrator of the domain's CA.
The account under which integration with PKI is performed must be a domain user and have the right to Log On As Service.
Kaspersky Security Center Linux can only work with one PKI (Microsoft CA) integration at a time.