Changing the certificates to use MDR functions in Kaspersky Security Center with a proxy server or anti-virus software
February 12, 2024
You need to redefine the certificate chain for connection between Kaspersky Security Center Web Console with MDR Plug-in and the MDR solution infrastructure in the following cases:
- A proxy server with a TLS connection is used on the network where Kaspersky Security Center is running.
- Anti-virus software with TLS traffic encryption is running on a host where Kaspersky Security Center Web Console is installed.
To redefine the certificate chain:
- Save the necessary certificates as files on your computer.
- To save the certificate file of the software encrypting traffic, on the host with Kaspersky Security Center Web Console open https://mdr-ksc.kaspersky.com/ in the Chrome browser, click the lock icon in the address bar next to the site address, click Connection is secure, click Certificate is valid, go to the Details tab, and then click the Export button. For instructions for other browsers, refer to the documentation for these browsers.
- To get the certificate used to connect to the proxy server, contact your network administrator.
- Add the saved certificates to the file with the .PEM extension (for example, KL_Root.pem).
- Place the created .PEM file in the Kaspersky Security Center Web Console installation folder (by default, C:\Program Files\Kaspersky Lab\Kaspersky Security Center Web Console\).
- Add the NODE_EXTRA_CA_CERTS environment variable to the .env file located in the Kaspersky Security Center Web Console installation folder. If the .env file is missing in the installation folder, create it.
Example of the variable:
NODE_EXTRA_CA_CERTS="C:\Program Files\Kaspersky Lab\Kaspersky Security Center Web Console\KL_Root.pem"
To apply the changes after you set the environment variable, restart the host where Kaspersky Security Center Web Console is installed.