Working with certificates of mobile devices

This section contains information about how to work with certificates of mobile devices.

The root certificate for mobile devices has a fixed expiration term of 700 days after its generation. The reserve certificate is generated 60 days prior to the expiration date. You can modify the time period for generating a reserve certificate with the following command:

klscflag.exe -fset -pv klserver -n KLSRV_AKLWNGT_MDM_CERT_CHANGE_TIMEOUT -t d -v <timeout in seconds>

The time period for generating a reserve certificate needs to be long enough for all managed mobile devices to synchronize with the Administration Server and retrieve the certificate.

The klscflag utility is located in the folder where Administration Server is installed. The default installation path is <Disk>:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Center.

Manual renewal of the root certificate for mobile devices is not supported.

In this section Starting the Certificate installation wizard Step 1. Selecting certificate type Step 2. Selecting device type Step 3. Selecting a user Step 4. Selecting certificate source Step 5. Assigning a tag to the certificate Step 6. Specifying certificate publishing settings Step 7. Selecting user notification method Step 8. Generating the certificate Configuring certificate issuance rules Integration with public key infrastructure Enabling support of Kerberos Constrained Delegation

See also: Scenario: Mobile Device Management deployment

Page top