Contents
The help for this version of the solution is no longer updated, so it may contain outdated information. For up-to-date information about the solution refer to the Kaspersky Secure Mobility Management 4.1 Help.
Managing certificates
Mobile certificates are used for the purpose of identifying the users of mobile devices on the Administration Server.
Kaspersky Security Center Web Console and Cloud Console allow you to perform the following actions with user mobile certificates:
- View the certificates and their statuses.
- Create new certificates.
- Renew the expiring certificates.
- Delete certificates.
For more information on Kaspersky Security Center certificates:
- If you use Kaspersky Security Center Web Console, please refer to Kaspersky Security Center Help.
- If you use Kaspersky Security Center Cloud Console, please refer to Kaspersky Security Center Cloud Console Help.
The help for this version of the solution is no longer updated, so it may contain outdated information. For up-to-date information about the solution refer to the Kaspersky Secure Mobility Management 4.1 Help.
Viewing the list of certificates
Kaspersky Security Center Web Console and Cloud Console allow you to view the applied user mobile certificates, their statuses, and properties.
To view the list of applied user mobile certificates:
- In the main window of Kaspersky Security Center Web Console or Cloud Console, select Devices > Mobile > Devices.
- Select Manage certificates.
The Mobile certificates page opens with information about the applied user mobile certificates. You can view details of a certificate by clicking it in the User name column.
Page topThe help for this version of the solution is no longer updated, so it may contain outdated information. For up-to-date information about the solution refer to the Kaspersky Secure Mobility Management 4.1 Help.
Defining certificate settings
You can use Kaspersky Security Center Web Console or Cloud Console to configure the lifetime, automatic updates, and password protection of mobile certificates.
To define mobile certificate settings:
- In the main window of Kaspersky Security Center Web Console or Cloud Console, select Devices > Mobile > Devices.
- Select Manage certificates.
- Select Certificate settings.
- In the Generate mobile certificates window that opens, you can configure the following:
- Certificate validity period (days)
Certificate lifetime period in days. The default lifetime of a certificate is 365 days. When this period expires, the mobile device will not be able to connect to the Administration Server.
- Reissue when certificate will expire in (days)
The number of days remaining until the current certificate's expiration during which Administration Server should issue a new certificate. For example, if the value of the field is 4, Administration Server issues a new certificate four days before the current certificate expires. The default value is 1.
- Reissue certificate automatically if possible
If possible, certificates will be reissued automatically. If this option is disabled, certificates must be reissued manually as they expire. By default, this option is disabled.
- Prompt for password during certificate installation
The user will be prompted for a password when the certificate is installed on a mobile device. The password is used only once—during installation of the certificate on the mobile device. The password will be automatically generated by the Administration Server and sent to the user by email. You can specify the password length in the Password length field.
- Certificate validity period (days)
- Click Save to apply the changes and close the window.
The specified settings will be used by Kaspersky Security Center for creating, updating, and protecting mobile certificates.
Page topThe help for this version of the solution is no longer updated, so it may contain outdated information. For up-to-date information about the solution refer to the Kaspersky Secure Mobility Management 4.1 Help.
Creating a certificate
You can create mobile certificates in Kaspersky Security Center Web Console and Cloud Console for the purpose of identifying the users of mobile devices.
To create a mobile certificate:
- In the main window of Kaspersky Security Center Web Console or Cloud Console, select Devices > Mobile > Devices.
- Select Manage certificates.
- In the Mobile certificates window that opens, click Add to start Mobile Certificate Creation Wizard. Proceed through the Wizard by using the Next button.
- Select users or user groups whose mobile devices you want to manage with a new certificate.
- Specify the Publication parameters:
- If you want to notify the users about the new certificate, select the Notify user about the new certificate check box.
- If you want to allow using one certificate multiple times on the same device, select the Allow using one certificate multiple times on the same device (only for devices with Kaspersky Endpoint Security for Android installed) check box.
- Select the Authentication type:
- Select Credentials (domain login or user name) if you want users to access the certificate by using their credentials.
On devices, users will have to specify the login in one of the following formats:
userPrincipalName@DNSDomainNamesAMAccountNamesAMADomain\sAMAccountName
- Select One-time password if you want users to access the certificate by using a one-time password.
This option is available if you did not select the Allow using one certificate multiple times on the same device (only for devices with Kaspersky Endpoint Security for Android installed) check box in the previous step.
- Select Password if you want users to access the certificate by using a password.
This option is available if you selected the Allow using one certificate multiple times on the same device (only for devices with Kaspersky Endpoint Security for Android installed) check box in the previous step.
- Select Credentials (domain login or user name) if you want users to access the certificate by using their credentials.
- Specify the method of certificate delivery in the Certificate delivery field:
- If you have selected One-time password in the previous step, select one of the following options:
- If you want to send the password by email, select Notify user by email.
Then select which email address to use or select Another email address to specify another email address.
- If you want to notify users about the password by other means, select Show the password after finishing the Wizard.
- If you want to send the password by email, select Notify user by email.
- If you have selected Credentials (domain login or user name) in the previous step, select which email address to use or select Another email address to specify another email address.
- If you have selected One-time password in the previous step, select one of the following options:
- The certificate summary is displayed.
Make sure that all parameters are correct, and then click Create.
As a result, Mobile Certificate Creation Wizard creates a certificate that users can install on their mobile devices. The certificate becomes available after the next synchronization of mobile devices with Kaspersky Security Center.
For more information about creating certificates and configuring rules for issuing them:
- If you use Kaspersky Security Center Web Console, please refer to Kaspersky Security Center Help.
- If you use Kaspersky Security Center Cloud Console, please refer to Kaspersky Security Center Cloud Console Help.
The help for this version of the solution is no longer updated, so it may contain outdated information. For up-to-date information about the solution refer to the Kaspersky Secure Mobility Management 4.1 Help.
Renewing a certificate
If any of the applied mobile certificates is about to expire, you can renew it by using Kaspersky Security Center Web Console or Cloud Console.
To renew a mobile certificate:
- In the main window of Kaspersky Security Center Web Console or Cloud Console, select Devices > Mobile > Devices.
- Select Manage certificates.
- Select the certificate that you want to renew, and then click Reissue.
The status of the certificate changes to The certificate has been reissued.
Page topThe help for this version of the solution is no longer updated, so it may contain outdated information. For up-to-date information about the solution refer to the Kaspersky Secure Mobility Management 4.1 Help.
Deleting a certificate
You can delete mobile certificates by using Kaspersky Security Center Web Console or Cloud Console.
If you delete a mobile certificate, the device can no longer synchronize with the Administration Server and cannot be managed by means of Kaspersky Security Center. To start managing the mobile device again, you will need to reinstall the Kaspersky Endpoint Security for Android app on it.
To delete a mobile certificate:
- In the main window of Kaspersky Security Center Web Console or Cloud Console, select Devices > Mobile > Devices.
- Select Manage certificates.
- Select the certificate that you want to delete, and then click Delete.
The certificate is deleted and removed from the list of certificates.
Page top