You can manually create a certificate for connecting Kaspersky Thin Client to Kaspersky Security Center. The created certificate can be used as a primary or a reserve one, for example, when migrating to a new Kaspersky Security Center Administration Server.
We recommend familiarizing yourself with the requirements for Kaspersky Security Center certificates stated in the Requirements for custom certificates used in Kaspersky Security Center section of the Kaspersky Security Center Online Help.
The created certificate must be uploaded to the Web Console.
To create a certificate for connecting Kaspersky Thin Client to Kaspersky Security Center using the OpenSSL tool:
openssl req -x509 -newkey rsa:2048 -keyout key.pem -out server.pem -days 397 -subj '/CN=mydomain.ru/C=RU/L=Moscow/O=My Organization Name/OU=My Organization Unit Name' -addext "keyUsage = digitalSignature, keyEncipherment, dataEncipherment, cRLSign, keyCertSign" -addext "extendedKeyUsage = serverAuth, clientAuth"
where:
-keyout key.pem is a name of the file in which the private key of the created certificate will be saved.-out server.pem is a name of the file in which the created certificate will be saved.-days is a setting that defines the validity term of the created certificate, in days. We recommend setting a certificate validity term of no more than 397 days.-subj '/CN=mydomain.ru/C=RU/L=Moscow/O=My Organization Name/OU=My Organization Unit Name' is data of your organization: domain name, location, name.As a result, the following two files will be created in the folder where you ran the command:
If necessary, you can convert a certificate file from PEM to DER format.
Page top