The following certificates are used in Kaspersky MLAD:
It is recommended to update certificates in the following cases:
Updating a certificate for connecting to Kaspersky MLAD using the web interface
By default, Kaspersky MLAD uses a self-signed certificate that is automatically generated during the application installation to connect to the web interface. When using a self-signed certificate to connect to the Kaspersky MLAD web interface, the browser displays a warning that the security certificate or the established connection is not trusted.
To use trusted certificates to connect to the Kaspersky MLAD web interface, you can replace the self-signed certificate with a certificate received from a recognized certification authority or with a custom certificate that complies with the security standards of your organization.
By default, Kaspersky MLAD uses the mlad-4.0.2-<installation build number>/ssl/nginx/ directory to store certificates for connecting to the web interface.
The certificate for connecting to Kaspersky MLAD using the web interface can be updated by a qualified technical specialist of the Customer, a Kaspersky employee or a certified integrator.
To update certificates for connecting to Kaspersky MLAD using the web interface:
A certificate must be received for the IP address and domain name of the server on which Kaspersky MLAD is installed.
sudo chown root:root <
new certificate
.crt> <
new certificate key
.key>
sudo chmod 640 <
new certificate
.crt> <
new certificate key
.key>
sudo cp <
new certificate
.crt> mlad-4.0.2-<
installation build number
>/ssl/nginx/mlad_nginx.crt
sudo cp <
new certificate key
.key> mlad-4.0.2-<
installation build number
>/ssl/nginx/mlad_nginx.key
The new certificate and its key are saved in the mlad-4.0.2-<installation build number>/ssl/nginx/ directory as the mlad_nginx.crt and mlad_nginx.key files, respectively.
mlad-4.0.2-<
installation build number
>/mlad-stop.sh
mlad-4.0.2-<
installation build number
>/mlad-start.sh
After restarting, Kaspersky MLAD uses the new certificate to connect to the web interface.
Updating a certificate for connecting connectors and services
In Kaspersky MLAD, you can use a secure connection for MQTT Connector, AMQP Connector, WebSocket Connector, and the Mail Notifier service. You can update certificates for connecting these connectors and the Mail Notifier service using a secure connection in the System parameters section of the administrator menu.
To connect the MQTT Connector, AMQP Connector, and WebSocket Connector as well as the Mail Notifier service over a secure connection, it is recommended to use certificates created according to the X.509 standard with a certificate key length of at least 4,096 bits.
The certificate for connecting the KICS Connector is contained in the communication data package, which you can update in Kaspersky Industrial CyberSecurity for Networks. You can upload the updated communication data package to Kaspersky MLAD when configuring the KICS Connector. For detailed information about creating a communication data package, please refer to the Kaspersky Industrial CyberSecurity for Networks Help Guide.
Kaspersky Machine Learning for Anomaly Detection is compatible with Kaspersky Industrial CyberSecurity for Networks version 4.0 and later.
Page top