Creating a Kaspersky Security Center Administration Server certificate

Support

Support for business applications

Kaspersky IoT Secure Gateway 1000

Configuring Kaspersky IoT Secure Gateway 1000

Configuring Kaspersky Security Center Administration Server settings

Creating a Kaspersky Security Center Administration Server certificate

April 12, 2024

ID 212880

Save as PDF

Expand all | Collapse all

The TLS encryption protocol ensures data transfer security using SSL connection certificates. An SSL connection certificate (hereinafter referred to as simply "certificate") is a block of data containing information about the certificate owner, the owner's public key, and the start and end dates of certificate validity.

A KSC server certificate is required for securely connecting to Kaspersky IoT Secure Gateway 1000 through the Kaspersky Security Center 14.2 Web Console. For detailed information about the requirements applied to KSC server certificates, please refer to the section titled Requirements for user certificates in Kaspersky Security Center in the Kaspersky Security Center 14.2 Online Help Guide.

You can issue a new KSC server certificate in the Kaspersky Security Center 14.2 Web Console.

To issue a new KSC server certificate through the Kaspersky Security Center 14.2 Web Console:

In the main window of the Kaspersky Security Center 14.2 Web Console, click the icon next to the name of the relevant Kaspersky Security Center Administration Server.
The Administration Server properties window opens.
Select the Certificates section.
In the Administration Server authentication by UEFI protection devices settings block, select Certificate issued through Administration Server.
Click the Reissue button.
In the opened window, configure the connection address:
- Use old connection address
  The address of the Administration Server to which Kaspersky IoT Secure Gateway 1000 connects will remain the same.
  
  This option is selected by default.
- Change connection address to
  If you need Kaspersky IoT Secure Gateway 1000 to connect to a different address, specify the relevant address in this field.
Click OK to save the changes.

The new KSC server certificate will be issued.

To upload a Kaspersky Security Center certificate file to Kaspersky IoT Secure Gateway 1000, the Kaspersky Security Center certificate file that was created through the web interface of the Kaspersky Security Center 14.2 Web Console must be saved on the local computer.

To save a Kaspersky Security Center certificate file that was created in the Kaspersky Security Center 14.2 Web Console:

In the web interface menu of the Kaspersky Security Center 14.2 Web Console, click the icon next to the name of the relevant Kaspersky Security Center Administration Server.
The Administration Server properties window opens.
Select the Certificates section.
In the Administration Server authentication by UEFI protection devices settings group, select Certificate issued through Administration Server.
Click the Manage certificate button.
In the opened pane on the right, in the Connection address block, click the IP address of Kaspersky IoT Secure Gateway 1000 for which the certificate was issued.

The certificate file will begin to automatically download.

In Kaspersky IoT Secure Gateway 1000, you can download a Kaspersky Security Center certificate file only in CRT, CER, DER or PEM format. If necessary, you can use the OpenSSL tool to change the format of a Kaspersky Security Center certificate file. For example, to change the format of a certificate file from P12 to CRT, run the following command in the console:

openssl pkcs12 -in <certificate name>.p12 -clcerts -nokeys -out <certificate name>.crt

A created KSC server certificate file needs to be added to Kaspersky IoT Secure Gateway 1000 to configure a connection with Kaspersky Security Center.

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.