Kaspersky Security Center

Reissuing the Web Server certificate

July 8, 2024

ID 208265

The Web Server certificate used in Kaspersky Security Center is required for publishing Network Agent installation packages that you subsequently download to managed devices, as well as for publishing iOS MDM profiles, iOS apps, and Kaspersky Endpoint Security for Mobile installation packages. Depending on the current application configuration, various certificates can function as the Web Server certificate (for more detail, see About Kaspersky Security Center certificates).

You may need to reissue the Web Server certificate to meet the specific security requirements of your organization or to maintain continuous connection of your managed devices before starting to upgrade the application. Kaspersky Security Center provides two ways of reissuing the Web Server certificate; the choice between the two methods depends on whether you have mobile devices connected and managed through the mobile protocol (i.e., by using the mobile certificate).

If you have never specified your own custom certificate as the Web Server certificate in the Web Server section of the Administration Server properties window, the mobile certificate acts as the Web Server certificate. In this case, the Web Server certificate reissuance is performed through the reissuance of the mobile protocol itself.

To reissue the Web Server certificate when you have no mobile devices managed through the mobile protocol:

  1. In the console tree, right-click the name of the relevant Administration Server and in the context menu select Properties.
  2. In the Administration Server properties window that opens, in the left pane, select the Administration Server connection settings section.
  3. In the list of subsections, select the Certificates subsection.
  4. If you plan to continue using the certificate issued by Kaspersky Security Center, do the following:
    1. On the right pane, in the Administration Server authentication by mobile devices group of settings, select the Certificate issued through Administration Server option and click the Reissue button.
    2. In the Reissue certificate window that opens, in the Connection address and Activation term group of settings, select the relevant options and click OK.
    3. In the confirmation window, click Yes.

    Alternatively, if you plan to use your own custom certificate, do the following:

    1. Check whether your custom certificate meets the requirements of Kaspersky Security Center and the requirements for trusted certificates by Apple. If necessary, modify the certificate.
    2. Select the Other certificate option and click the Browse button.
    3. In the Certificate window that opens, in the Certificate type field select the type of your certificate and then specify the certificate location and settings:
      • If you have selected PKCS #12 container, click the Browse button next to the Certificate file field and specify the certificate file on your hard drive. If the certificate file is password-protected, enter the password in the Password (if any) field.
      • If you have selected X.509 certificate, click the Browse button next to the Private key (.prk, .pem) field and specify the private key on your hard drive. If the private key is password-protected, enter the password in the Password (if any) field. Then click the Browse button next to the Public key (.cer) field and specify the private key on your hard drive.
    4. In the Certificate window, click OK.
    5. In the confirmation window, click Yes.

    The mobile certificate is reissued to be used as the Web Server certificate.

To reissue the Web Server certificate when you have any mobile devices managed through the mobile protocol:

  1. Generate your custom certificate and prepare it for the usage in Kaspersky Security Center. Check whether your custom certificate meets the requirements of Kaspersky Security Center and the requirements for trusted certificates by Apple. If necessary, modify the certificate.

    You can use the kliossrvcertgen.exe utility for certificate generation.

  2. In the console tree, right-click the name of the relevant Administration Server and in the context menu select Properties.
  3. In the Administration Server properties window that opens, in the left pane, select the Web Server section.
  4. In the Over HTTPS menu, select the Specify another certificate option.
  5. In the Over HTTPS menu, click the Change button.
  6. In the Certificate window that opens, in the Certificate type field select the type of your certificate:
    • If you have selected PKCS #12 container, click the Browse button next to the Certificate file field and specify the certificate file on your hard drive. If the certificate file is password-protected, enter the password in the Password (if any) field.
    • If you have selected X.509 certificate, click the Browse button next to the Private key (.prk, .pem) field and specify the private key on your hard drive. If the private key is password-protected, enter the password in the Password (if any) field. Then click the Browse button next to the Public key (.cer) field and specify the private key on your hard drive.
  7. In the Certificate window, click OK.
  8. If necessary, in the Administration Server properties window, in the Web Server HTTPS port field change the number of the HTTPS port for Web Server. Click OK.

    The Web Server certificate is reissued.

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.