Support

Support for business applications

Kaspersky Thin Client

Managing Kaspersky Thin Client through the Kaspersky Security Center Web Console

Managing Kaspersky Thin Client certificates through the Web Console

About a certificate for connecting Kaspersky Thin Client to Kaspersky Security Center

Creating a certificate for connecting Kaspersky Thin Client to Kaspersky Security Center

Kaspersky Thin Client
Нет результатов
Knowledge Base Online Help
FAQ Forum Contact support Recovery tools

Creating a certificate for connecting Kaspersky Thin Client to Kaspersky Security Center

May 30, 2024

ID 228751

Get as PDF

You can manually create a certificate for connecting Kaspersky Thin Client to Kaspersky Security Center. The created certificate can be used as a primary or a reserve one, for example, when migrating to a new Kaspersky Security Center Administration Server.

We recommend familiarizing yourself with the requirements for Kaspersky Security Center certificates stated in the Requirements for custom certificates used in Kaspersky Security Center section of the Kaspersky Security Center Online Help.

The created certificate must be uploaded to the Web Console.

To create a certificate for connecting Kaspersky Thin Client to Kaspersky Security Center using the OpenSSL tool:

  1. Start the console and go to the folder in which you want to create the certificate.
  2. In the console, start the OpenSSL tool and run the following command:

    openssl req -x509 -newkey rsa:2048 -keyout key.pem -out server.pem -days 729 -subj '/CN=mydomain.ru/C=RU/L=Moscow/O=My Organization Name/OU=My Organization Unit Name' -addext "keyUsage = digitalSignature, keyEncipherment, dataEncipherment, cRLSign, keyCertSign" -addext "extendedKeyUsage = serverAuth, clientAuth"

    where:

    • -keyout key.pem is a name of the file in which the private key of the created certificate will be saved.
    • -out server.pem is a name of the file in which the created certificate will be saved.
    • -days is a setting that defines the validity term of the created certificate, in days. We recommend setting a certificate validity term of no more than 729 days.
    • -subj '/CN=mydomain.ru/C=RU/L=Moscow/O=My Organization Name/OU=My Organization Unit Name' is data of your organization: domain name, location, name.
  3. Enter and confirm the password for the private certificate key. This password will need to be entered when uploading the user certificate to the Web Console as a mobile certificate. There are no special password requirements.

As a result, the following two files will be created in the folder where you ran the command:

  • server.pem is a certificate file for connecting Kaspersky Thin Client to Kaspersky Security Center.
  • key.pem is a private key of the certificate for connecting Kaspersky Thin Client to Kaspersky Security Center.

If necessary, you can convert a certificate file from PEM to DER format.

Kaspersky Professional Services
Implementation services. Health check and security system configuration. Contact us if you need expert help.
Kaspersky Premium Support (MSA): High‑priority incident processing
Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).
Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.