Requirements for custom certificates used in Kaspersky Security Center Linux

Support

Support for business applications

Kaspersky Security Center 15 Linux

Getting started

Installation

Certificates for work with Kaspersky Security Center Linux

Requirements for custom certificates used in Kaspersky Security Center Linux

May 3, 2024

ID 191451

Get as PDF

The table below shows the requirements for custom certificates specified for different components of Kaspersky Security Center Linux.

Requirements for Kaspersky Security Center Linux certificates

Certificate type	Requirements	Comments
Common certificate, Common reserve certificate ("C", "CR")	Minimum key length: 2048. Basic constraints: CA: true Path Length Constraint: None Key Usage: Digital signature Certificate signing Key encipherment CRL Signing Extended Key Usage (optional): server authentication, client authentication.	Extended Key Usage parameter is optional. Path Length Constraint value may be an integer different from "None," but not less than 1.
Web Server certificate	Extended Key Usage: server authentication. The PKCS #12 / PEM container from which the certificate is specified includes the entire chain of public keys. The Subject Alternative Name (SAN) of the certificate is present; that is, the value of the `subjectAltName` field is valid. The certificate meets the effective requirements of web browsers imposed on server certificates, as well as the current baseline requirements of the CA/Browser Forum.	Not applicable.
Kaspersky Security Center Web Console certificate	The PEM container from which the certificate is specified includes the entire chain of public keys. The Subject Alternative Name (SAN) of the certificate is present; that is, the value of the `subjectAltName` field is valid. The certificate meets the effective requirements of web browsers to server certificates, as well as the current baseline requirements of the CA/Browser Forum.	Encrypted certificates are not supported by Kaspersky Security Center Web Console.

Certificate type

Requirements

Comments

Common certificate, Common reserve certificate ("C", "CR")

Minimum key length: 2048.

Basic constraints:

CA: true
Path Length Constraint: None
Key Usage:
Digital signature
Certificate signing
Key encipherment
CRL Signing

Extended Key Usage (optional): server authentication, client authentication.

Extended Key Usage parameter is optional.

Path Length Constraint value may be an integer different from "None," but not less than 1.

Web Server certificate

Extended Key Usage: server authentication.

The PKCS #12 / PEM container from which the certificate is specified includes the entire chain of public keys.

The Subject Alternative Name (SAN) of the certificate is present; that is, the value of the subjectAltName field is valid.

The certificate meets the effective requirements of web browsers imposed on server certificates, as well as the current baseline requirements of the CA/Browser Forum.

Not applicable.

Kaspersky Security Center Web Console certificate

The PEM container from which the certificate is specified includes the entire chain of public keys.

The Subject Alternative Name (SAN) of the certificate is present; that is, the value of the subjectAltName field is valid.

The certificate meets the effective requirements of web browsers to server certificates, as well as the current baseline requirements of the CA/Browser Forum.

Encrypted certificates are not supported by Kaspersky Security Center Web Console.

Kaspersky Endpoint Security for Linux: High protection without performance compromising

Detects and blocks advanced threats. Buy as part of Endpoint Security for Business Advanced.

Kaspersky Premium Support (MSA): High‑priority incident processing

Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.