Root privileges are required to manage certificates.
You can manage certificates used to connect to KATA servers using commands. What you can do with certificates:
To add or replace the server certificate, run the following command:
kesl-control [-R] --add-kataedr-server-certificate <file name and path>
where <file name and path> are the name and path to the file containing the server certificate.
To add or change a client certificate:
kesl-control [-R] --add-kataedr-client-certificate <file name and path>
where <file name and path> is the name and path to the cryptocontainer (PFX archive) containing the client certificate and private key.
The client certificate is used for additional protection of the connection to the KATA server if client certificate verification is enabled in KATA server settings and in the Integration with Kaspersky Anti Targeted Attack Platform task settings for the UseClientPinnedCertificate setting the yes value is set.
To display certificate information, run the following command:
kesl-control [-R] --query-kataedr-server-certificate
kesl-control [-R] --query-kataedr-client-certificate
Running the command displays the following certificate information:
To delete the server certificate information, run the following command:
kesl-control [-R] --remove-kataedr-server-certificate
To delete the client certificate information, run the following command:
kesl-control [-R] --remove-kataedr-client-certificate
If certificate usage is configured in the settings of Kaspersky Endpoint Detection and Response (KATA) Integration task and the task is running, deletion of this certificate ends with an error.
Page top