Creating a certificate for connecting Kaspersky Thin Client to Kaspersky Security Center

You can manually create a certificate for connecting Kaspersky Thin Client to Kaspersky Security Center. The created certificate can be used as a primary or a reserve one, for example, when migrating to a new Kaspersky Security Center Administration Server.

We recommend familiarizing yourself with the requirements for Kaspersky Security Center certificates stated in the Requirements for custom certificates used in Kaspersky Security Center section of the Kaspersky Security Center Online Help.

The created certificate must be uploaded to the Web Console.

To create a certificate for connecting Kaspersky Thin Client to Kaspersky Security Center using the OpenSSL tool:

  1. Start the console and go to the folder in which you want to create the certificate.
  2. In the console, start the OpenSSL tool and run the following command:

    openssl req -x509 -newkey rsa:2048 -keyout key.pem -out server.pem -days 397 -subj '/CN=mydomain.ru/C=RU/L=Moscow/O=My Organization Name/OU=My Organization Unit Name' -addext "keyUsage = digitalSignature, keyEncipherment, dataEncipherment, cRLSign, keyCertSign" -addext "extendedKeyUsage = serverAuth, clientAuth"

    where:

    • -keyout key.pem is a name of the file in which the private key of the created certificate will be saved.
    • -out server.pem is a name of the file in which the created certificate will be saved.
    • -days is a setting that defines the validity term of the created certificate, in days. We recommend setting a certificate validity term of no more than 397 days.
    • -subj '/CN=mydomain.ru/C=RU/L=Moscow/O=My Organization Name/OU=My Organization Unit Name' is data of your organization: domain name, location, name.
  3. Enter and confirm the password for the private certificate key. This password will need to be entered when uploading the user certificate to the Web Console as a mobile certificate. Minimum password length: 8 characters.

As a result, the following two files will be created in the folder where you ran the command:

If necessary, you can convert a certificate file from PEM to DER format.

Page top