How to install a custom certificate for the Integration Server in Kaspersky Security for Virtualization 5.1 Light Agent
Latest update: June 20, 2019
ID: 14677
When you install the Integration Server, the application generates a local self-signed certificate which is used by the server when establishing SSL connections. You can replace it using the instructions below.
When changing the Integration Server certificate, a new SVM certificate will be generated.
Certificate requirements
- PFX format.
- Contains secret key.
- Password-protected.
- The Common Name (CN) value in the Subject field corresponds to the full domain name of the Integration Server (FQDN).
- The Subject alternative name field contains the IP Address and DNS Name values:
- External and local IP addresses of the Administration Server are specified in the IP Address
- External and local IP addresses as well as the domain name of the Administration Server are specified in the DNS Name
- Key Usage:
- KeyEncipherment
- DigitalSignature
- DataEncipherment
- KeyCertSign
- Enhanced Key Usage:
- Server Authentication (1.3.6.1.5.5.7.3.1)
- Client Authentication (1.3.6.1.5.5.7.3.2)
Certificate installation
- Make sure you have administrator’s rights on the Integration Server.
- Open the PowerShell command line with administrator’s rights.
- Run the Replace-Viis Certificate command and follow the instructions.
- Update policies of Light Agents and SVMs so that they receive the new certificate key.
The certificate has been installed.