Updating Kaspersky MLAD certificates
The following certificates are used in Kaspersky MLAD:
- Certificates for connecting to Kaspersky MLAD using the web interface.
- Certificates for connecting connectors and services.
It is recommended to update certificates in the following cases:
- Current certificates have been compromised.
- Certificates have expired.
- Certificates need to be updated in accordance with the enterprise information security requirements.
Updating a certificate for connecting to Kaspersky MLAD using the web interface
By default, Kaspersky MLAD uses a self-signed certificate that is automatically generated during the application installation to connect to the web interface. When using a self-signed certificate to connect to the Kaspersky MLAD web interface, the browser displays a warning that the security certificate or the established connection is not trusted.
To use trusted certificates to connect to the Kaspersky MLAD web interface, you can replace the self-signed certificate with a certificate received from a recognized certification authority or with a custom certificate that complies with the security standards of your organization.
By default, Kaspersky MLAD uses the mlad-4.0.2-<installation build number>/ssl/nginx/ directory to store certificates for connecting to the web interface.
The certificate for connecting to Kaspersky MLAD using the web interface can be updated by a qualified technical specialist of the Customer, a Kaspersky employee or a certified integrator.
To update certificates for connecting to Kaspersky MLAD using the web interface:
- Obtain a trusted certificate and a key for this certificate to connect to the Kaspersky MLAD web interface.
A certificate must be received for the IP address and domain name of the server on which Kaspersky MLAD is installed.
- Go to the directory containing the trusted certificate and the key to this certificate.
- In the command line, run the following commands:
sudo chown root:root <new certificate.crt> <new certificate key.key>sudo chmod 640 <new certificate.crt> <new certificate key.key>sudo cp <new certificate.crt> mlad-4.0.2-<installation build number>/ssl/nginx/mlad_nginx.crtsudo cp <new certificate key.key> mlad-4.0.2-<installation build number>/ssl/nginx/mlad_nginx.keyThe new certificate and its key are saved in the mlad-4.0.2-<installation build number>/ssl/nginx/ directory as the mlad_nginx.crt and mlad_nginx.key files, respectively.
- Restart Kaspersky MLAD by executing the following commands in the command line:
mlad-4.0.2-<installation build number>/mlad-stop.shmlad-4.0.2-<installation build number>/mlad-start.sh
After restarting, Kaspersky MLAD uses the new certificate to connect to the web interface.
Updating a certificate for connecting connectors and services
In Kaspersky MLAD, you can use a secure connection for MQTT Connector, AMQP Connector, WebSocket Connector, and the Mail Notifier service. You can update certificates for connecting these connectors and the Mail Notifier service using a secure connection in the System parameters section of the administrator menu.
To connect the MQTT Connector, AMQP Connector, and WebSocket Connector as well as the Mail Notifier service over a secure connection, it is recommended to use certificates created according to the X.509 standard with a certificate key length of at least 4,096 bits.
The certificate for connecting the KICS Connector is contained in the communication data package, which you can update in Kaspersky Industrial CyberSecurity for Networks. You can upload the updated communication data package to Kaspersky MLAD when configuring the KICS Connector. For detailed information about creating a communication data package, please refer to the Kaspersky Industrial CyberSecurity for Networks Help Guide.
Kaspersky Machine Learning for Anomaly Detection is compatible with Kaspersky Industrial CyberSecurity for Networks version 4.0 and later.
