How to configure certificate scanning of a remote machine running under Windows
Kaspersky Thin Client can use automatically generated SSL or TLS certificates to securely connect to a remote machine. To configure scanning certificates and to upload them to Kaspersky Security Center, use the following instructions for machines in a domain or for non-domain machines.
How to configure certificate scanning for non-domain machines
For the non-domain machines, a self-signed certificate is generated in the Certificate manager. By default, it is located in the Remote Desktop folder and has the same name which the machine does. For example, "DESKTOP-KSCVBK9".
To use this certificate when connecting to a remote machine, download it from the certificate storage on the local machine and upload to Kaspersky Security Center using the instruction.
How to configure certificate scanning for the domain machines under Active Directory controller management
- If the policy of certificate distribution by a domain controller is not configured for machines, follow the instruction for the non-domain machines.
- To learn how to configure a certificate distribution policy by an Active Directory domain controller, see this instruction.
- If the certificate distribution policy by a domain controller is configured for machines, a new certificate will be generated in the computer certificate console in the Personal folder. Its name will match the full domain name of the machine and will be signed by your internal corporate Microsoft Certification Authority.
- To use this certificate when connecting to a remote machine, download it from the certificate storage on the local machine and upload to Kaspersky Security Center using the instruction.
How to download a certificate from the store and upload to Kaspersky Security Center
- Click the search icon on the taskbar and type certlm.msc. Open the computer certificate console.
- Right-click the needed certificate and select All tasks → Export in the context menu.
For the non-domain machines, export the certificate from the folder: Remote Desktop → Certificates.
For the machines in a domain, export the certificate from the folder: Personal → Certificates.
- Select No, do not export the private key in the Certificate Export Wizard and click Next.
- Select DER encoded binary X.509 (CER) and click Next.
- In the File name field, enter the name of the exported file. E.g., the full domain name. Click Next.
- Click Finish.
- Upload the resulting file to the Kaspersky Security Management Suite policy via Kaspersky Security Center Web Console using the instruction.
- In the Kaspersky Security Management Suite policy, enable the trusted mode.