Before changing KUMA certificate, make sure to back up the previous certificate and key with the names external.cert.old and external.key.old respectively.
After installing the KUMA Core, the installer creates the following certificates in the /opt/kaspersky/kuma/core/certificates folder:
Signs all other certificates that are used for internal communication between KUMA components.
Used for internal communication between KUMA components.
Used in the KUMA web console and for REST API requests.
You can use your company certificate and key instead of self-signed web console certificate. For example, if you want to replace the self-signed CA certificate of the Core with a certificate issued by your corporate CA, you must provide an external.cert and an unencrypted external.key in PEM format.
The following example shows how to replace a self-signed CA certificate of the Core with your corporate certificate in PFX format. You can use instructions in this section as an example and adapt the steps according to your needs.
To replace the KUMA web console certificate with an external certificate:
sudo -i
cd /opt/kaspersky/kuma/core/certificates
mv external.cert external.cert.old && mv external.key external.key.old
openssl pkcs12 -in kumaWebIssuedByCorporateCA.pfx -nokeys -out external.cert
openssl pkcs12 -in kumaWebIssuedByCorporateCA.pfx -nocerts -nodes -out external.key
Enter the password of the PFX key when prompted (Enter Import Password).
As a result, the external.cert certificate and the external.key in PEM format are returned.
chown kuma:kuma external.cert external.key
systemctl restart kuma-core
Your company certificate and key are replaced.
Page top