Configuring certificate issuance rules

Support

Support for business applications

Kaspersky Secure Mobility Management

Working in MMC-based Administration Console

Deployment

Preparing the Administration Console for deployment of the integrated solution

Working with certificates of mobile devices

Configuring certificate issuance rules

February 26, 2024

ID 89286

Get as PDF

The certificates are used for the device authentication on the Administration Server. All managed mobile devices must have certificates. You can configure how the certificates are issued.

To configure certificate issuance rules:

In the console tree, expand the Mobile Device Management folder and select the Certificates subfolder.
In the workspace of the Certificates folder, click the Add certificate button to open the Certificate issuance rules window.
Proceed to the section with the name of a certificate type:
Issuance of mobile certificates—To configure the issuance of certificates for the mobile devices.

Issuance of mail certificates—To configure the issuance of mail certificates.

Issuance of VPN certificates—To configure the issuance of VPN certificates.
In the Issuance settings section, configure the issuance of the certificate:
- Specify the certificate term in days.
- Select a certificate source (Administration Server or Certificates are specified manually).
  Administration Server is selected as the default source of certificates.
- Specify a certificate template (Default template, Other template).
  Configuration of templates is available if the Integration with PKI section features the integration with Public Key Infrastructure enabled.
For VPN and mail certificates if the integration with the PKI is configured, enable and configure automatic issuance of the certificate on device connection to Kaspersky Security Center.
To do so, in the Automatic issuance of <certificate type> certificate on device connection section, select the Issue for KES devices managed by Kaspersky Secure Mobility Management and/or Issue for iOS MDM devices check boxes.

If you selected the Issue for iOS MDM devices check box, select the tag for the certificate issuance from the drop-down list. The following tags are available: Certificate template 1, Certificate template 2, or Certificate template 3.

You can configure the further use of the selected tag for the certificate issuance in the following sections:
- If the Issuance of mail certificates section has been selected in the Certificate issuance rules window:
  - In the properties of the Email account for iOS MDM devices.
  - In the properties of the Exchange ActiveSync account for iOS MDM devices.
- If the Issuance of VPN certificates section has been selected in the Certificate issuance rules window:
  - In the properties of the VPN network for iOS MDM devices.
In the Automatic Updates settings section, configure automatic updates of the certificate:
- In the Renew when certificate is to expire in (days) field, specify how many days before expiration the certificate must be renewed.
- To enable automatic updates of certificates, select the Reissue certificate automatically if possible check box.
A mobile certificate can be renewed manually only.
In the Password protection section, enable and configure the use of a password when decrypting certificates.
Password protection is only available for mobile certificates.
1. Select the Prompt for password during certificate installation check box.
2. Use the slider to define the maximum number of symbols in the password for encryption.
Click OK.

Kaspersky Professional Services

Implementation services. Health check and security system configuration. Contact us if you need expert help.

Kaspersky Premium Support (MSA): High‑priority incident processing

Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.