Kaspersky Scan Engine in HTTP mode supports HTTPS to establish a secure connection.
Kaspersky Scan Engine does not check the HTTP client certificate.
Kaspersky Scan Engine supports the following secure protocols and cipher suites:
To configure an HTTPS connection, you need to specify the following parameters in the HTTP mode configuration file:
ServerSettings > TlsCertificateKeyFile
element)ServerSettings > TlsCertificateFile
element)https
protocol (the ServerSettings > ConnectionString
element)In addition, you can configure an HTTPS connection by using Kaspersky Scan Engine GUI.
Below is an example of how to generate private key and certificate files.
To generate a private key and a certificate (Linux):
/opt/kaspersky/ScanEngine/tools
../openssl req -new -x509 -config openssl.cnf -newkey ec -pkeyopt ec_paramgen_curve:secp384r1 -nodes -days 3650 -subj "/C=RU/CN=localhost" -keyout kavhttpd.key -out kavhttpd.cert |
In /opt/kaspersky/ScanEngine/tools
, two files are created:
kavhttpd.key—
the private keykavhttpd.cert—
the certificateTo generate a private key and a certificate (Windows):
%service_dir%\tools
.openssl.exe req -new -x509 -config openssl.cnf -newkey ec -pkeyopt ec_paramgen_curve:secp384r1 -nodes -days 3650 -subj "/C=RU/CN=localhost" -keyout kavhttpd.key -out kavhttpd.cert |
In %service_dir%\tools
, two files are created:
kavhttpd.key—
the private keykavhttpd.cert—
the certificate