Configuring a trusted connection with Kaspersky Endpoint Agent

Actions to configure a trusted connection are performed both on the Kaspersky Anti Targeted Attack Platform side through the web interface and the application administrator menu, and on the Kaspersky Endpoint Agent side through the KSC Administration Console.

You can use one of the following options to configure a trusted connection:

• Without validating the Kaspersky Endpoint Agent TLS certificate on the Kaspersky Anti Targeted Attack Platform side.
  • Configuring the connection with the Central Node server without validating the TLS certificate of Kaspersky Endpoint Agent in Kaspersky Anti Targeted Attack Platform.

    Kaspersky Endpoint Agent establishes a trusted connection with Kaspersky Anti Targeted Attack Platform using the TLS certificate of the Central Node server. Kaspersky Anti Targeted Attack Platform does not validate the TLS certificate of Kaspersky Endpoint Agent when Kaspersky Endpoint Agent tries to connect.

    If you are using this alternative configuration for the trusted connection, the procedure is as follows:

    1. Generate or upload an independently prepared TLS certificate of the Central Node server in the web interface of Central Node (if the TLS certificate of the Central Node has not been previously created).
    2. Downloading the TLS certificate of the Central Node server to your computer.
    3. Uploading the TLS certificate of the Central Node server to Kaspersky Endpoint Agent using the Administration Console (MMC).
  • Configuring the connection with the Sensor server without validating the TLS certificate of Kaspersky Endpoint Agent in Kaspersky Anti Targeted Attack Platform.

    Traffic redirection to the Sensor server is configured in Kaspersky Anti Targeted Attack Platform. Kaspersky Endpoint Agent establishes a trusted connection with Kaspersky Anti Targeted Attack Platform using the TLS certificate of the Sensor server. Kaspersky Anti Targeted Attack Platform does not validate the TLS certificate of Kaspersky Endpoint Agent when Kaspersky Endpoint Agent tries to connect.

    If you are using this alternative configuration for the trusted connection, the procedure is as follows:

    1. Enabling traffic redirection from Kaspersky Endpoint Agent to the Sensor server.
    2. Authorizing the Sensor component on the Central Node server.
    3. Generating or uploading an independently prepared TLS certificate for the Sensor server in the administrator menu of the Sensor server.
    4. Downloading the TLS certificate of the Sensor server to your computer.
    5. Uploading the TLS certificate of the Sensor server to Kaspersky Endpoint Agent using the Administration Console (MMC).
• Validating the Kaspersky Endpoint Agent TLS certificate on the Kaspersky Anti Targeted Attack Platform side.
  • Configuring the connection with the Central Node server with validation of the TLS certificate of Kaspersky Endpoint Agent in Kaspersky Anti Targeted Attack Platform.

    Kaspersky Endpoint Agent establishes a trusted connection with Kaspersky Anti Targeted Attack Platform using the TLS certificate of the Central Node server. Additional security of the connection is configured in Kaspersky Endpoint Agent and the TLS certificate of Kaspersky Endpoint Agent is uploaded. Kaspersky Anti Targeted Attack Platform validates the TLS certificate of Kaspersky Endpoint Agent when Kaspersky Endpoint Agent tries to connect.

    If you are using this alternative configuration for the trusted connection, the procedure is as follows:

    1. Generate or upload an independently prepared TLS certificate of the Central Node server in the web interface of Central Node (if the TLS certificate of the Central Node has not been previously created).
    2. Downloading the TLS certificate of the Central Node server to your computer.
    3. Uploading the TLS certificate of the Central Node server to Kaspersky Endpoint Agent using the Administration Console (MMC).
    4. Enabling the validation of the Kaspersky Endpoint Agent TLS certificate in the web interface of Kaspersky Anti Targeted Attack Platform.
    5. Generating and downloading the crypto container with the TLS certificate of Kaspersky Endpoint Agent or uploading an independently prepared TLS certificate of Kaspersky Endpoint Agent using the web interface of Kaspersky Anti Targeted Attack Platform.

       If you want to prepare the TLS certificate of Kaspersky Endpoint Agent on your own, you must create a PFX crypto container with your certificate. For details on managing TLS certificates, see the OpenSSL documentation.

    6. Uploading the crypto container with Kaspersky Endpoint Agent certificate to Kaspersky Endpoint Agent using the Administration Console (MMC).
  • Configuring the connection with the Sensor server with validation of the TLS certificate of Kaspersky Endpoint Agent in Kaspersky Anti Targeted Attack Platform.

    Traffic redirection to the Sensor server is configured in Kaspersky Anti Targeted Attack Platform. Kaspersky Endpoint Agent establishes a trusted connection with Kaspersky Anti Targeted Attack Platform using the TLS certificate of the Sensor server. Additional security of the connection is configured in Kaspersky Endpoint Agent and the TLS certificate of Kaspersky Endpoint Agent is uploaded. Kaspersky Anti Targeted Attack Platform validates the TLS certificate of Kaspersky Endpoint Agent when Kaspersky Endpoint Agent tries to connect.

    If you are using this alternative configuration for the trusted connection, the procedure is as follows:

    1. Enabling traffic redirection from Kaspersky Endpoint Agent to the Sensor server.
    2. Authorizing the Sensor component on the Central Node server.
    3. Generating or uploading an independently prepared TLS certificate for the Sensor server in the administrator menu of the Sensor server.
    4. Downloading the TLS certificate of the Sensor server to your computer.
    5. Uploading the TLS certificate of the Sensor server to Kaspersky Endpoint Agent using the Administration Console (MMC).
    6. Enabling the validation of the Kaspersky Endpoint Agent TLS certificate in the web interface of Kaspersky Anti Targeted Attack Platform.
    7. Generating and downloading the crypto container with the TLS certificate of Kaspersky Endpoint Agent or uploading an independently prepared TLS certificate of Kaspersky Endpoint Agent using the web interface of Kaspersky Anti Targeted Attack Platform.

       If you want to prepare the TLS certificate of Kaspersky Endpoint Agent on your own, you must create a PFX crypto container with your certificate. For details on managing TLS certificates, see the OpenSSL documentation.

    8. Uploading the crypto container with Kaspersky Endpoint Agent certificate to Kaspersky Endpoint Agent using the KSC Administration Console.

See also Configuring integration of the Endpoint Agent component with the KEDR functional block Configuring a trusted connection with Kaspersky Endpoint Security Downloading the TLS certificate of the Central Node server Generating a TLS certificate for the Central Node server in the web interface of Kaspersky Anti Targeted Attack Platform Uploading an independently prepared TLS certificate for the Central Node server using the web interface of Kaspersky Anti Targeted Attack Platform Enabling the validation of the TLS certificate of the Endpoint Agent component in the web interface of Kaspersky Anti Targeted Attack Platform Generating a TLS certificate of the Endpoint Agent component in the web interface of Kaspersky Anti Targeted Attack Platform and downloading a crypto container Uploading an independently prepared TLS certificate of the Endpoint Agent component using the web interface of Kaspersky Anti Targeted Attack Platform Viewing the table of TLS certificates of the Endpoint Agent component in the web interface of Kaspersky Anti Targeted Attack Platform Filtering and searching TLS certificates of the Endpoint Agent component in the web interface of Kaspersky Anti Targeted Attack Platform Deleting TLS certificates of the Endpoint Agent component in the web interface of Kaspersky Anti Targeted Attack Platform Configuring traffic redirection from the Endpoint Agent component to the Sensor server

In this section Configuring the validation of the Kaspersky Endpoint Agent TLS certificate by the Central Node server and uploading a crypto container to Kaspersky Endpoint Agent Uploading a TLS certificate of the Central Node server or Sensor to Kaspersky Endpoint Agent Configuring the integration and trusted connection with Kaspersky Anti Targeted Attack Platform on the Kaspersky Endpoint Agent side

Page top