Configuring a trusted connection with Kaspersky Endpoint Agent
Actions to configure a trusted connection are performed both on the Kaspersky Anti Targeted Attack Platform side through the web interface and the application administrator menu, and on the Kaspersky Endpoint Agent side through the KSC Administration Console.
You can use one of the following options to configure a trusted connection:
Without validating the Kaspersky Endpoint Agent TLS certificate on the Kaspersky Anti Targeted Attack Platform side.
Kaspersky Endpoint Agent establishes a trusted connection with Kaspersky Anti Targeted Attack Platform using the TLS certificate of the Central Node server. Kaspersky Anti Targeted Attack Platform does not validate the TLS certificate of Kaspersky Endpoint Agent when Kaspersky Endpoint Agent tries to connect.
If you are using this alternative configuration for the trusted connection, the procedure is as follows:
Traffic redirection to the Sensor server is configured in Kaspersky Anti Targeted Attack Platform. Kaspersky Endpoint Agent establishes a trusted connection with Kaspersky Anti Targeted Attack Platform using the TLS certificate of the Sensor server. Kaspersky Anti Targeted Attack Platform does not validate the TLS certificate of Kaspersky Endpoint Agent when Kaspersky Endpoint Agent tries to connect.
If you are using this alternative configuration for the trusted connection, the procedure is as follows:
Enabling traffic redirection from Kaspersky Endpoint Agent to the Sensor server.
Authorizing the Sensor component on the Central Node server.
Kaspersky Endpoint Agent establishes a trusted connection with Kaspersky Anti Targeted Attack Platform using the TLS certificate of the Central Node server. Additional security of the connection is configured in Kaspersky Endpoint Agent and the TLS certificate of Kaspersky Endpoint Agent is uploaded. Kaspersky Anti Targeted Attack Platform validates the TLS certificate of Kaspersky Endpoint Agent when Kaspersky Endpoint Agent tries to connect.
If you are using this alternative configuration for the trusted connection, the procedure is as follows:
If you want to prepare the TLS certificate of Kaspersky Endpoint Agent on your own, you must create a PFX crypto container with your certificate. For details on managing TLS certificates, see the OpenSSL documentation.
Traffic redirection to the Sensor server is configured in Kaspersky Anti Targeted Attack Platform. Kaspersky Endpoint Agent establishes a trusted connection with Kaspersky Anti Targeted Attack Platform using the TLS certificate of the Sensor server. Additional security of the connection is configured in Kaspersky Endpoint Agent and the TLS certificate of Kaspersky Endpoint Agent is uploaded. Kaspersky Anti Targeted Attack Platform validates the TLS certificate of Kaspersky Endpoint Agent when Kaspersky Endpoint Agent tries to connect.
If you are using this alternative configuration for the trusted connection, the procedure is as follows:
Enabling traffic redirection from Kaspersky Endpoint Agent to the Sensor server.
Authorizing the Sensor component on the Central Node server.
If you want to prepare the TLS certificate of Kaspersky Endpoint Agent on your own, you must create a PFX crypto container with your certificate. For details on managing TLS certificates, see the OpenSSL documentation.