To migrate thin clients to a new Kaspersky Security Center Administration Server, issue a certificate, save it on the current Kaspersky Security Center Server as a reserve one, and then use it on the new Server as the primary certificate.
To issue and prepare a new certificate:
openssl req -x509 -sha256 -nodes -days 397 -newkey rsa:2048 -keyout <key file name>.key -out <certificate file name>.crt
The generated certificate and key files are saved locally.
openssl pkcs12 -export -out -<container name>.pfx -inkey <key file name>.key -in <certificate file name>.crt
As a result, the container file in PFX format is saved locally.
To upload a certificate to the current Kaspersky Security Center Server as a reserve one:
klsetsrvcert -t MR -i <path to the container> -p <container password> -o NoCA
You do not need to download the klsetsrvcert utility. The utility is included in the Kaspersky Security Center distribution kit.
After the command execution, Kaspersky Security Center restarts.
The reserve certificate is uploaded to the Web Console.
To upload the certificate to a new Kaspersky Security Center Server as the main one:
In the console, start the klsetsrvcert utility and run the following command:
klsetsrvcert -t M -i <path to the container> -p <container password> -o NoCA
After execution of the instructions above, the certificate for connecting to the new Kaspersky Security Center Administration Server is updated.
Page top