Support

Support for business applications

Kaspersky Thin Client

Managing Kaspersky Thin Client through the Kaspersky Security Center Web Console

Managing Kaspersky Thin Client security certificates through the Web Console

Creating a user certificate for connecting Kaspersky Thin Client to Kaspersky Security Center

Kaspersky Thin Client
Нет результатов
Knowledge Base Online Help
FAQ Forum Contact support Recovery tools Product videos

Creating a user certificate for connecting Kaspersky Thin Client to Kaspersky Security Center

October 23, 2023

ID 228751

Get as PDF

You can use a user certificate for connecting Kaspersky Thin Client to Kaspersky Security Center. For detailed information about the requirements applied to Kaspersky Security Center certificates, see the Requirements for custom certificates used in Kaspersky Security Center section of the Kaspersky Security Center Online Help Guide. We recommend using a user certificate when migrating a group of devices running Kaspersky Thin Client to a new Kaspersky Security Center Administration Server. After the user certificate is created, it must be uploaded to the Web Console as a mobile certificate. You can use the OpenSSL tool to create a user certificate.

To create a user certificate for connecting Kaspersky Thin Client to Kaspersky Security Center using the OpenSSL tool:

  1. Start the console and go to the folder in which you want to create the certificate.
  2. In the console, start the OpenSSL tool and run the following command:

    openssl req -x509 -newkey rsa:2048 -keyout key.pem -out server.pem -days 729 -subj '/CN=mydomain.ru/C=RU/L=Moscow/O=My Organization Name/OU=My Organization Unit Name' -addext "keyUsage = digitalSignature, keyEncipherment, dataEncipherment, cRLSign, keyCertSign" -addext "extendedKeyUsage = serverAuth, clientAuth"

    where:

    • -keyout key.pem is a name of the file in which the private key of the created certificate will be saved.
    • -out server.pem is a name of the file in which the created certificate will be saved.
    • -days is a setting that defines the validity term of the created certificate, in days. We recommend setting a certificate validity term of no more than 729 days.
    • -subj '/CN=mydomain.ru/C=RU/L=Moscow/O=My Organization Name/OU=My Organization Unit Name' is data of your organization: domain name, location, name.
  3. Enter and confirm the password for the private certificate key. This password will need to be entered when uploading the user certificate to the Web Console as a mobile certificate. There are no special password requirements.

As a result, the following two files will be created in the folder where you ran the command:

  • server.pem is a certificate file for connecting Kaspersky Thin Client to Kaspersky Security Center.
  • key.pem is a private key of the certificate for connecting Kaspersky Thin Client to Kaspersky Security Center.

If necessary, you can convert a certificate file from PEM to DER format.

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.