Kaspersky Unified Monitoring and Analysis Platform

Modifying the self-signed web console certificate

April 8, 2024

ID 217747

Before changing the KUMA certificate, make sure to back up the previous certificate and key under the names external.cert.old and external.key.old respectively.

After installing the KUMA Core, the installer creates the following certificates in the /opt/kaspersky/kuma/core/certificates folder:

  • Self-signed root certificate ca.cert with the ca.key.

    Signs all other certificates that are used for internal communication between KUMA components.

  • The internal.cert certificate signed with the root certificate, and the Core server internal.key.

    Used for internal communication between KUMA components.

  • KUMA web console external.cert certificate and external.key.

    Used in the KUMA web console and for REST API requests.

    You can use your company certificate and key instead of the self-signed web console certificate. For example, if you want to replace the self-signed CA Core certificate with a certificate issued by an enterprise CA, you must provide an external.cert and an unencrypted external.key in PEM format.

    The following example shows how to replace a self-signed CA Core certificate with an enterprise certificate in PFX format. You can use the instructions as an example and adapt the steps according to your needs.

To replace the KUMA web console certificate with an external certificate:

  1. Switch to root user operation:

    sudo -i

  2. Go to the certificates directory:

    cd /opt/kaspersky/kuma/core/certificates

  3. Make a backup copy of the current certificate and key:

    mv external.cert external.cert.old && mv external.key external.key.old

  4. In OpenSSL, convert the PFX file to a certificate and an unencrypted key in PEM format:

    openssl pkcs12 -in kumaWebIssuedByCorporateCA.pfx -nokeys -out external.cert

    openssl pkcs12 -in kumaWebIssuedByCorporateCA.pfx -nocerts -nodes -out external.key

    When you run each command, you are prompted for the PFX key password (Enter Import Password).

    As a result, the external.cert certificate and the external.key in PEM format are returned.

  5. Place the returned external.cert certificate and external.key files in the /opt/kaspersky/kuma/core/certificates directory.
  6. Change the owner of the key files:

    chown kuma:kuma external.cert external.key

  7. Restart KUMA:

    systemctl restart kuma-core

  8. Refresh the web page or restart the browser hosting the KUMA web interface.

The web console certificate and key have been replaced with your company certificate and key.
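
A check that can be run on the converted files before the restart in step 7, given here as an added example that is not part of the Kaspersky documentation: it confirms that external.key is an unencrypted PEM key, that external.cert is readable and unexpired, and that the two carry the same public key. The script and its function names are hypothetical; only the file names come from the procedure above.

```shell
#!/usr/bin/env bash
# Added example: checks for a replacement KUMA web console pair before restart.
# Function names are hypothetical; only the file names come from the procedure.

# Classify a private key file by its PEM headers:
# prints "unencrypted", "encrypted" or "no-key".
pem_key_state() {
    if grep -Eq -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' \
                -e '^Proc-Type: 4,ENCRYPTED' "$1" 2>/dev/null; then
        echo encrypted
    elif grep -Eq -e '-----BEGIN (RSA |EC )?PRIVATE KEY-----' "$1" 2>/dev/null; then
        echo unencrypted
    else
        echo no-key
    fi
}

# Succeed only if certificate ($1) and key ($2) carry the same public key.
# "-passin pass:" makes an encrypted key fail instead of prompting.
pair_matches() {
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Run every check, print one line per finding, return non-zero on any failure.
preflight() {
    local cert=$1 key=$2 state rc=0
    state=$(pem_key_state "$key")
    if [ "$state" != unencrypted ]; then
        echo "FAIL: $key is $state; an unencrypted PEM key is required"; rc=1
    fi
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: $cert is unreadable as PEM or has expired"; rc=1
    fi
    if ! pair_matches "$cert" "$key"; then
        echo "FAIL: $cert and $key do not share a public key"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $cert and $key are consistent"
    return "$rc"
}

# Usage: ./preflight.sh external.cert external.key
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```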
