Changing the default IAM certificate to a custom one

To change the default IAM certificate:

1. Ensure that the kladmins group has access to IAM certificate files.
2. Locate the IAM configuration file: /var/opt/kaspersky/klnagent_srv/iam/iam_config.yaml

   In this file, add paths to IAM certificate files to the server_iam section:

   • certificates.main.cert: Path to the primary certificate file.
   • certificates.main.key: Path to the private key of the primary certificate. The private key must not be password-protected.
3. Locate the Web Console configuration file: /etc/ksc-web-console-setup.json

   In this file, set the iamCertPath field value to the path to the public key of the primary certificate.

4. Restart the kliam service by running the following command:

   sudo service kliam_srv restart

5. Reinstall the Web Console.

   Once reinstalled, the Web Console uses the custom IAM certificate.

To change the reserve IAM certificate:

1. Locate the IAM configuration file: /var/opt/kaspersky/klnagent_srv/iam/iam_config.yaml

   In this file, specify paths to IAM certificate files:

   • server_iam.certificates.reserve.cert: Path to the primary certificate file.
   • server_iam.certificates.reserve.key: Path to the private key of the primary certificate. The private key must not be password-protected.
2. Restart the kliam service by running the following command:

   sudo service kliam_srv restart

   Once the primary certificate file expires, the reserve IAM certificate is used instead.

Page top