Support

Support for business applications

Kaspersky Endpoint Security 11 for Linux

Kaspersky Endpoint Detection and Response (KATA) Integration task (KATAEDR, ID:24)

Managing certificates for connecting to KATA servers

Kaspersky Endpoint Security 11 for Linux
Нет результатов
Нет результатов
Knowledge Base Online Help
Advice & Solutions FAQ Download Buy Renew Forum Contact support Recovery tools

Managing certificates for connecting to KATA servers

December 12, 2023

ID 245754

Root privileges are required to manage certificates.

You can manage certificates used to connect to KATA servers using commands. What you can do with certificates:

  • Add or replace the server certificate
  • Display information about the server certificate
  • Remove the server certificate
  • Add or replace the client certificate
  • Display information about the client certificate
  • Remove the client certificate

To add or replace the server certificate, run the following command:

kesl-control [-R] --add-kataedr-server-certificate <file name and path>

where <file name and path> are the name and path to the file containing the server certificate.

To add or change a client certificate:

  1. Execute the command:

    kesl-control [-R] --add-kataedr-client-certificate <file name and path>

    where <file name and path>‍ is the name and path to the cryptocontainer (PFX archive) containing the client certificate and private key.

  2. If the cryptocontainer is password-protected, enter the password when prompted.

The client certificate is used for additional protection of the connection to the KATA server if client certificate verification is enabled in KATA server settings and in the Integration with Kaspersky Anti Targeted Attack Platform task settings for the UseClientPinnedCertificate setting the yes value is set.

To display certificate information, run the following command:

  • for the server certificate:

    kesl-control [-R] --query-kataedr-server-certificate

  • for the client certificate:

    kesl-control [-R] --query-kataedr-client-certificate

Running the command displays the following certificate information:

  • certificate serial number
  • certificate subject
  • certificate issuer
  • certificate start date
  • certificate expiration date
  • SHA-1 and SHA-256 certificate thumbprint

To delete the server certificate information, run the following command:

kesl-control [-R] --remove-kataedr-server-certificate

To delete the client certificate information, run the following command:

kesl-control [-R] --remove-kataedr-client-certificate

If certificate usage is configured in the settings of Kaspersky Endpoint Detection and Response (KATA) Integration task and the task is running, deletion of this certificate ends with an error.

Kaspersky Endpoint Security for Linux: High protection without performance compromising
Detects and blocks advanced threats. Buy as part of Endpoint Security for Business Advanced.
Kaspersky Premium Support (MSA): High‑priority incident processing
Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).
Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.