Client applications that connect to Kaspersky Industrial CyberSecurity for Networks Server through the API establish a secure connection using client certificates and the gRPC server certificate.
During the application installation process, the following keys and certificates are created:
This certificate is used by client applications for Server authentication. The Server uses this certificate to establish a connection with client nodes.
This certificate is used by the administrator to create client certificates. Client applications use this certificate to confirm the authenticity of their certificates (as part of the certificate chain).
This private key is used by the administrator to create client certificates.
By default, the specified files are located in the folder /var/opt/kaspersky/kics4net/public_certs/. Access to this folder is granted to a user with root privileges as well as to users of the kics4net group.
To connect to the gRPC server, the client application must use the following certificates and keys:
This certificate, which is created during installation of the application, is required for Server authentication.
This certificate chain is used by the client application for authentication. The certificate chain includes a client certificate authenticated by the root certificate of the gRPC server, and the chain of certificates up to the root certificate of the gRPC server.
This private key is used by the client application during authentication.
The administrator must create certificates and keys to be used by client applications (hereinafter also referred to as "client certificates"). Each client certificate must be created in the name of the computer that will connect to the Kaspersky Industrial CyberSecurity for Networks Server through the API.
For information on using client certificates to establish a connection with the Kaspersky Industrial CyberSecurity for Networks Server through the API, please refer to the documentation for the Kaspersky Industrial CyberSecurity for Networks API.
Page top