Updating SSL connection certificates
Kaspersky Industrial CyberSecurity for Networks can use the following certificates:
- Certificates for connections between nodes of Kaspersky Industrial CyberSecurity for Networks.
- Certificates for connecting to Kaspersky Industrial CyberSecurity for Networks through the web interface.
- Certificates for connecting through the Kaspersky Industrial CyberSecurity for Networks API.
- Certificates for connecting connectors.
- Certificates for connections with Kaspersky Endpoint Agent.
It is recommended to update certificates in the following cases:
- Current certificates have been compromised.
- Certificates have expired.
- Certificates need to be regularly updated in accordance with the information security requirements at the enterprise.
Updating certificates for connections between nodes of Kaspersky Industrial CyberSecurity for Networks
During installation of Kaspersky Industrial CyberSecurity for Networks, certificates for connections between nodes of Kaspersky Industrial CyberSecurity for Networks are automatically updated. You can manually update these certificates without reinstalling application components.
To update certificates for connections between nodes of Kaspersky Industrial CyberSecurity for Networks:
- On the Server computer, go to the /opt/kaspersky/kics4net/sbin/ folder and enter the command to launch the script for local certificate update:
sudo bash kics4net-update-certs.sh - After the script finishes, return all sensors to the initial state using the kics4net-reset-to-defaults.sh script that reverts the node to the initial state. The script is located on the computer with the installed application component in the /opt/kaspersky/kics4net/sbin/ folder.
- Add and connect sensors again.
Updating the certificate for connecting to the Kaspersky Industrial CyberSecurity for Networks Server through the web interface
To update the certificate for connecting to the Kaspersky Industrial CyberSecurity for Networks Server through the web interface, you need to replace the certificate used by the web server. You can specify a new web server certificate under Settings → Connection Servers on the Web server tab.
Updating the certificate for connecting to the Server through the Kaspersky Industrial CyberSecurity for Networks API
To update the certificate for connecting to the Server through the Kaspersky Industrial CyberSecurity for Networks API, you need to replace the certificate used by the REST API server. You can specify a new REST API server certificate under Settings → Connection Servers on the REST API server tab.
Updating certificates for connecting connectors
You can update certificates for connecting unmanageable connectors (or connectors configured to ignore the functions of a manageable connector) when creating new communication data packages for connectors. To update the certificates of manageable connectors, you must remove these connectors and then add them again.
Updating certificates for connections with Kaspersky Endpoint Agent
You can update the certificates used for connections with Kaspersky Endpoint Agent when changing the settings of integration servers.
