Changing the default IAM certificate to a custom one

The IAM certificate is created automatically the first time you run Administration Server. The certificate is stored on the Administration Server device in the directory: var/opt/kaspersky/klnagent_srv/iam/main_certificate.pem (for Kaspersky Security Center Linux failover cluster: <shared data folder>/iam/main_certificate.pem). You must specify the path to the IAM certificate by using the iamCertPath parameter when you create a response file for installing Kaspersky Security Center Web Console.

To change the default IAM certificate:

1. Ensure that the kladmins group has access to IAM certificate files.
2. Create a certificate that is trusted in your infrastructure and that meets the requirements for custom certificates.
3. Locate the IAM configuration file:

   /var/opt/kaspersky/klnagent_srv/iam/iam_config.yaml

   In this file, specify the path to the IAM certificate file.

   server_iam:

   ksc_ca: "<path to the certificate>"

4. Locate the Web Console configuration file:

   /etc/ksc-web-console-setup.json

   In this file, set the iamCertPath field value to the path to the public key of the primary certificate.

5. Restart the IAM service.
6. Reinstall the Web Console.

Once reinstalled, the Web Console uses the custom IAM certificate.

Page top