The help for this version of the solution is no longer updated, so it may contain outdated information. For up-to-date information about the solution refer to the Kaspersky Secure Mobility Management 4.1 Help.

Integration with Public Key Infrastructure

Integration with Public Key Infrastructure (hereinafter referred to as PKI) is primarily intended for simplifying the issuance of domain user certificates by Administration Server. Following integration, certificates are issued automatically.

The minimum supported PKI server version is Windows Server 2008.

The administrator can assign a domain certificate for a user in Administration Console. This can be done by using one of the following methods:

General principle of integration with PKI for issuance of domain user certificates

Please note the following:

The account under which integration with PKI is performed must meet the following criteria:

To create a permanent user profile, log on at least once under the configured user account on the device with Administration Server installed. In this user's certificate repository on the Administration Server device, install the Enrollment Agent certificate provided by domain administrators.
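One way to confirm this prerequisite, as an added example that is not part of the Kaspersky documentation: run the PowerShell below while logged on as the integration account on the Administration Server device. It assumes the Enrollment Agent certificate carries the standard Microsoft Certificate Request Agent EKU (OID 1.3.6.1.4.1.311.20.2.1) and was installed in the account's Personal store (`Cert:\CurrentUser\My`); the function name and the 30-day expiry threshold are illustrative.

```powershell
# Added example (not Kaspersky code). Run as the PKI integration account.
# Assumptions: the Enrollment Agent certificate has the Certificate Request
# Agent EKU and was installed in the account's Personal store.
function Get-EnrollmentAgentCertStatus {
    param(
        [string]$StorePath = 'Cert:\CurrentUser\My',
        [string]$RequestAgentOid = '1.3.6.1.4.1.311.20.2.1',
        [int]$WarnDays = 30   # illustrative threshold
    )
    $now = Get-Date
    foreach ($cert in Get-ChildItem -Path $StorePath) {
        # Locate the Enhanced Key Usage extension, if the certificate has one.
        $eku = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        }
        if (-not $eku) { continue }
        $oids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
        if ($oids -notcontains $RequestAgentOid) { continue }

        # Build the chain with default policy (includes a revocation check).
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        [pscustomobject]@{
            Subject       = $cert.Subject
            Thumbprint    = $cert.Thumbprint
            NotAfter      = $cert.NotAfter
            HasPrivateKey = $cert.HasPrivateKey
            InValidity    = ($cert.NotBefore -le $now) -and ($cert.NotAfter -gt $now)
            ExpiresSoon   = $cert.NotAfter -lt $now.AddDays($WarnDays)
            ChainValid    = $chain.Build($cert)
        }
    }
}

$found = @(Get-EnrollmentAgentCertStatus)
if ($found.Count -eq 0) {
    Write-Warning "No Enrollment Agent certificate found in this account's Personal store."
} else {
    $found | Format-List
    $usable = @($found | Where-Object { $_.HasPrivateKey -and $_.InValidity -and $_.ChainValid })
    if ($usable.Count -eq 0) {
        Write-Warning 'An Enrollment Agent certificate is present, but none is usable (missing private key, outside validity period, or chain not trusted).'
    }
}
```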

Configuring integration with PKI

To configure integration with the public key infrastructure:

  1. In the console tree, expand the Mobile Device Management folder and select the Certificates subfolder.
  2. In the workspace, click the Certificate type button to open the Integration with PKI section of the Certificate issuance rules window.

    The Integration with PKI section of the Certificate issuance rules window opens.

  3. Select the Integrate issuance of certificates with PKI check box.
  4. In the Account field, specify the name of the user account to be used for integration with the public key infrastructure.
  5. In the Password field, enter the domain password for the account.
  6. In the Certificate template name in PKI system list, select the certificate template that will be used for the issuance of certificates to domain users.

    A dedicated service is run in Kaspersky Endpoint Security under the specified user account. This service is responsible for issuing users' domain certificates. The service is run when the list of certificate templates is loaded by clicking the Refresh list button or when a certificate is generated.

    When connecting a non-domain user's mobile device (running either Android or iOS) to Kaspersky Security Center, the attempt to issue a certificate may fail.

  7. Click OK to save the settings.

Following integration, certificates are issued automatically.

See also:

Scenario: Mobile Device Management deployment
