Working with certificates of mobile devices

This section contains information about how to work with certificates of mobile devices.

The root certificate for mobile devices has a fixed expiration term of 700 days after its generation. The reserve certificate is generated 60 days prior to the expiration date. You can modify the time period for generating a reserve certificate with the following command:

klscflag.exe -fset -pv klserver -n KLSRV_AKLWNGT_MDM_CERT_CHANGE_TIMEOUT -t d -v <timeout in seconds>

The time period for generating a reserve certificate needs to be long enough for all managed mobile devices to synchronize with the Administration Server and retrieve the certificate.

The klscflag utility is located in the folder where Administration Server is installed. The default installation path is <Disk>:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Center.

Manual renewal of the root certificate for mobile devices is not supported.

In this section

Starting the Certificate installation wizard

Step 1. Selecting certificate type

Step 2. Selecting device type

Step 3. Selecting a user

Step 4. Selecting certificate source

Step 5. Assigning a tag to the certificate

Step 6. Specifying certificate publishing settings

Step 7. Selecting user notification method

Step 8. Generating the certificate

Configuring certificate issuance rules

Integration with public key infrastructure

Enabling support of Kerberos Constrained Delegation

See also:

Scenario: Mobile Device Management deployment

Page top