Managing certificates for connecting to the NDR server

Managing certificates requires the rights of a user with the Administrator (admin) role.

You can manage certificates used to connect to the NDR server using commands. What you can do with certificates:

Add or replace the NDR server certificate
Display information about the server certificate
Remove the server certificate
Delete or replace the client certificate used to secure the connection to an NDR server
Display information about the client certificate
Remove the client certificate

To add or replace the server certificate, run the following command:

kesl-control [-R] --add-katandr-server-certificate <file>

<file> is the path to the file containing the server certificate.

To add or change a client certificate:

Run the following command:
kesl-control [-R] --add-katandr-client-certificate <file>

where <file> is the path to the cryptocontainer (PFX archive) containing the client certificate and private key.
If the cryptocontainer is password-protected, enter the password when prompted.

The client certificate is used for additional protection of the connection to the NDR server if client certificate verification is enabled in NDR server settings and in the Kaspersky Network Detection and Response (KATA) Integration task settings, UseClientPinnedCertificate is set to yes.

To display the server certificate information, run the following command:

kesl-control [-R] --query-katandr-server-certificate

To display the client certificate information, run the following command:

kesl-control [-R] --query-katandr-client-certificate

Running the command displays the following certificate information:

To delete the server certificate information, run the following command:

kesl-control [-R] --remove-katandr-server-certificate

To delete the client certificate information, run the following command:

kesl-control [-R] --remove-katandr-client-certificate