Changing the default IAM certificate to a custom one

To change the default IAM certificate:

1. Ensure that the kladmins group has access to IAM certificate files.
2. Locate the IAM configuration file: /var/opt/kaspersky/klnagent_srv/iam/iam_config.yaml

   In this file, add paths to IAM certificate files to the server_iam section:

   • server_iam.certificates.main.cert: Path to the primary certificate file.
   • server_iam.certificates.main.key: Path to the private key of the primary certificate. The private key must not be password-protected.
3. Locate the Web Console configuration file: /etc/ksc-web-console-setup.json

   In this file, set the iamCertPath field value to the path to the public key of the primary certificate.

4. Restart the kliam service.
5. Reinstall the Web Console.

   Once reinstalled, the Web Console uses the custom IAM certificate.

To change the reserve IAM certificate:

1. Locate the IAM configuration file: /var/opt/kaspersky/klnagent_srv/iam/iam_config.yaml

   In this file, specify paths to IAM certificate files:

   • server_iam.certificates.reserve.cert: Path to the primary certificate file.
   • server_iam.certificates.reserve.key: Path to the private key of the primary certificate. The private key must not be password-protected.
2. Restart the kliam service.

   Once the primary certificate file expires, the reserve IAM certificate is used instead.

Page top