Kaspersky Anti Targeted Attack (KATA) Platform

Uploading an independently prepared TLS certificate for the Central Node server using the web interface of Kaspersky Anti Targeted Attack Platform.

August 12, 2024

ID 247874

You can choose to prepare the TLS certificate on your own and upload it using the Kaspersky Anti Targeted Attack Platform web interface.

The TLS certificate file prepared for upload must satisfy the following requirements:

  • The file must contain the certificate itself and a private encryption key for the connection.
  • The file must be in PEM format.

    The application does not support other formats of certificates.

    If you have prepared a certificate in a different format, you must convert it to the PEM format.

  • The private key length must be 2,048 bits or longer.

For more details on preparing TLS certificates for import, please refer to the documentation on Open SSL.

If you are already using a Central Node server TLS certificate, uploading a new certificate causes the currently used certificate to be removed and replaced with the uploaded certificate.

You must enter the data of the new certificate everywhere the old certificate was used.

If you replace the TLS certificate, you will need to:

Delete all Endpoint Agent host isolation rules. The connection with isolated hosts is severed and you cannot manage them.

To upload an independently prepared TLS certificate using the Kaspersky Anti Targeted Attack Platform web interface:

  1. Sign in to the Kaspersky Anti Targeted Attack Platform web interface with the administrator credentials.
  2. In the window of the application web interface, select the Settings section, Certificates subsection.
  3. In the Server certificate section, click Upload.

    This opens the file selection window.

  4. Select a TLS certificate file to download and click the Open button.

    This closes the file selection window.

    The TLS certificate is added to the Kaspersky Anti Targeted Attack Platform.

    Reconfigure traffic forwarding from Endpoint Agent to Sensor and trusted connection with Endpoint Agent.

Make sure to delete all Endpoint Agent host isolation rules. Connection with isolated hosts will be lost and you will not be able to manage them.

See also

Configuring the integration of Kaspersky Anti Targeted Attack Platform with the Kaspersky Endpoint Agent component

Configuring the trusted connection of Kaspersky Anti Targeted Attack Platform with the Kaspersky Endpoint Agent application

Downloading the TLS certificate of the Central Node server

Generating a TLS certificate for the Central Node server in the web interface of Kaspersky Anti Targeted Attack Platform

Uploading a TLS certificate of the Central Node server or Sensor to Kaspersky Endpoint Agent

Enabling the validation of the Kaspersky Endpoint Agent TLS certificate in the web interface of Kaspersky Anti Targeted Attack Platform

Generating a TLS certificate of Kaspersky Endpoint Agent in the web interface of Kaspersky Anti Targeted Attack Platform and downloading a cryptographic container

Uploading an independently prepared TLS certificate of Kaspersky Endpoint Agent using the web interface of Kaspersky Anti Targeted Attack Platform

Viewing the table of Kaspersky Endpoint Agent TLS certificates in the web interface of Kaspersky Anti Targeted Attack Platform

Filtering and searching Kaspersky Endpoint Agent TLS certificates in the web interface of Kaspersky Anti Targeted Attack Platform

Deleting Kaspersky Endpoint Agent TLS certificates in the web interface of Kaspersky Anti Targeted Attack Platform

Configuring the validation of the Kaspersky Endpoint Agent TLS certificate by the Central Node server and uploading a cryptographic container to Kaspersky Endpoint Agent

Configuring traffic redirection from Kaspersky Endpoint Agent to the Sensor server

Generating a TLS certificate for the Sensor server in the administrator menu of the Sensor server

Uploading an independently prepared TLS certificate for the Sensor server in the administrator menu of the Sensor server

Downloading the TLS certificate of the Sensor server to your computer

Configuring the integration and trusted connection with Kaspersky Anti Targeted Attack Platform on the Kaspersky Endpoint Agent side

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.