Support

Support for business applications

Kaspersky Unified Monitoring and Analysis Platform

Administrator's guide

Installing and removing KUMA

Reissuing internal CA certificates

Kaspersky Unified Monitoring and Analysis Platform
Нет результатов
Knowledge Base Online Help
FAQ Solution overview Forum Contact support Product videos

Reissuing internal CA certificates

June 18, 2024

ID 275543

Get as PDF

The Reissue internal CA certificates option is available only to a user with the General Administrator role.

The process of reissuing certificates for an individual service remains the same: in the KUMA web interface, in the 'Active services' section, select the service, in the context menu, select 'Reset certificate', and delete the old certificate in the service installation directory. KUMA automatically generates a new certificate. You do not need to restart running services, the new certificate is applied automatically. A stopped service must be restarted to have the certificate applied.

To reissue internal CA certificates:

  1. In the KUMA web interface, go to the SettingsGeneral section, click Reissue internal CA certificates and read the displayed warning. If you decide to continue reissuing certificates, click Yes.

    As a result, the CA certificates for KUMA services and the CA certificate for ClickHouse are reissued. Next, you must stop the services, delete old certificates from the service installation directories, restart the Core, and restart the stopped services to apply the reissued certificates.

  2. Connect to the hosts where the collector, correlator, and event router services are deployed.
    1. Stop all services with the following command:

      sudo systemctl stop kuma-<collector/correlator/eventRouter>-<service ID>.service

    2. Delete the internal.cert and internal.key certificate files from the "/opt/kaspersky/kuma/<service type>/<service ID>/certificates" directories with the following command:

      sudo rm -f /opt/kaspersky/kuma/<service type>/<service ID>/certificates/internal.cert

      sudo rm -f /opt/kaspersky/kuma/<service type>/<service ID>/certificates/internal.key

  3. Connect to the hosts where storage services are deployed.
    1. Stop all storage services.

      sudo systemctl stop kuma-<storage>-<service ID>.service

    2. Delete the internal.cert and internal.key certificate files from the "/opt/kaspersky/kuma/storage/<ID service>/certificates" directories.

      sudo rm -f /opt/kaspersky/kuma/storage/<service ID>/certificates/internal.cert

      sudo rm -f /opt/kaspersky/kuma/storage/<service ID>/certificates/internal.key

  4. Delete all ClickHouse certificates from the "/opt/kaspersky/kuma/clickhouse/certificates" directory.

    sudo rm -f /opt/kaspersky/kuma/clickhouse/certificates/internal.cert

    sudo rm -f /opt/kaspersky/kuma/clickhouse/certificates/internal.key

  5. Connect to the hosts where agent services are deployed.
    1. Stop the services of Windows agents and Linux agents.
    2. Delete the internal.cert and internal.key certificate files from working directories of the agents.

      sudo /opt/kaspersky/kuma/kuma agent --core https://kuma.example.com:7210 -<agent ID> --wd /opt/kaspersky/kuma/agent/<agent ID>

  6. Restart the Core to apply the new CA certificates.

    sudo systemctl restart kuma-core-00000000-0000-0000-0000-000000000000.service

  7. Restart all services that were stopped during the procedure.

    sudo systemctl start kuma-<collector/correlator/eventRouter/storage>-<service ID>.service

  8. Restart victoria-metrics.

    sudo systemctl start kuma-victoria-metrics.service

Internal CA certificates are reissued and applied.

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.