Support

Support for business applications

Kaspersky Security Center 14

Best Practices for Service Providers

Deployment and initial setup

Deploying the Mobile Device Management feature

Integration with Public Key Infrastructure

Kaspersky Security Center
Нет результатов
Нет результатов
Knowledge Base Online Help
Advice & Solutions FAQ Download Buy Renew Forum Contact support Recovery tools

Integration with Public Key Infrastructure

April 17, 2024

ID 92526_1

Get as PDF

Integration with Public Key Infrastructure (hereinafter referred to as PKI) is primarily intended for simplifying the issuance of domain user certificates by Administration Server.

The administrator can assign a domain certificate for a user in Administration Console. This can be done using one of the following methods:

  • Assign the user a special (customized) certificate from a file in the Certificate installation wizard.
  • Perform integration with PKI and assign PKI to act as the source of certificates for a specific type of certificates or for all types of certificates.

The settings of integration with PKI are available in the workspace of the Mobile Device Management / Certificates folder by clicking the Integrate with public key infrastructure link.

General principle of integration with PKI for issuance of domain user certificates

In Administration Console, click the Integrate with public key infrastructure link in the workspace of the Mobile Device Management / Certificates folder to specify a domain account that will be used by Administration Server to issue domain user certificates through the domain's CA (hereinafter referred to as the account under which integration with PKI is performed).

Please note the following:

  • The settings of integration with PKI provide you the possibility to specify the default template for all types of certificates. Note that the rules for issuance of certificates (available in the workspace of the Mobile Device Management / Certificates folder by clicking the Configure certificate issuance rules button) allow you to specify an individual template for every type of certificates.
  • A special Enrollment Agent (EA) certificate must be installed on the device with Administration Server, in the certificates repository of the account under which integration with PKI is performed. The Enrollment Agent (EA) certificate is issued by the administrator of the domain's CA (Certificate Authority).

The account under which integration with PKI is performed must meet the following criteria:

  • It is a domain user.
  • It is a local administrator of the device with Administration Server from which integration with PKI is initiated.
  • It has the right to Log On As Service.
  • The device with Administration Server installed must be run at least once under this account to create a permanent user profile.

Kaspersky Security Center: Optimization of daily routine tasks
A powerful administration console, with an additional flexible web-based interface that’s available wherever you are. Buy as part of Endpoint Security for Business Advanced.
Kaspersky Premium Support (MSA): High‑priority incident processing
Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).
Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.