Reissuing the mobile Administration Server certificate
You need to specify a reserve mobile Administration Server certificate to meet the security requirements of your organization and maintain a continuous connection between managed devices and the Administration Server. A mobile certificate issued by Kaspersky Security Center is reissued by default.
We recommend that you specify a reserve certificate when installing the Administration Server or no later than 30 days before the expiration of the existing certificate. The exact expiration time is available in the Expires field of the certificate settings (in the main menu, select 
→ General → Certificates).
The maximum validity period of any Administration Server certificate is 397 days.
The reserve certificate is delivered to the device during synchronization and becomes the main certificate immediately after the existing certificate expires. If the certificate expires and no reserve certificate has been specified, the connection between the Administration Server and Kaspersky Endpoint Security on managed devices will be lost. In this case, to reconnect devices, you must specify a new certificate and reinstall Kaspersky Endpoint Security on each of the managed devices.
To reissue the Administration Server certificate with delayed activation (to use a certificate as a reserve certificate):
- In the main menu, click the settings icon () next to the name of the Administration Server.
The Administration Server properties window opens.
- In the Administration Server properties window, select General → Certificates.
- If you plan to continue using the certificate issued by Kaspersky Security Center:
- Click Reissue.
- In the window that opens:
- In the Connection address section, select Use old connection address or Change connection address to, if a new connection address will be used.
- In the Activate new certificate section, select After this period expires, days and specify the number of days before the certificate becomes active.
We recommend to specify a certificate activation period of at least 30 days so that all devices have time to receive the certificate. Please note that the specified period must be greater than the period for synchronizing devices with the Administration Server. For more information about configuring settings for device synchronization with the Administration Server, see the Configuring synchronization settings section.
- Click OK.
Alternatively, if you plan to use your own custom certificate:
- Check whether your certificate meets the requirements of Kaspersky Security Center and Apple requirements for trusted certificates. If necessary, modify the certificate.
- Select the Other certificate option and click Manage certificate.
- In the window that opens, click Browse.
- In the window that opens, select the type of your certificate and then specify the certificate location and settings:
- If you select PKCS #12, click the Browse button next to the Public key field and specify the certificate file on your hard drive. If the certificate file is password-protected, enter the password in the Private key password field.
- If you select X.509, click the Browse button next to the Private key field and specify the private key on your hard drive. If the private key is password-protected, enter the password in the Private key password field. Then click the Browse button next to the Public key field and specify the public key on your hard drive.
- In the Activate new certificate section, select After this period expires, days and specify the number of days before the certificate becomes active.
- Click Save.
- Click OK.
- Click Save to save the changes you have made.
The certificate is reissued as a reserve certificate.
To immediately reissue the Administration Server certificate (not recommended if you have any managed mobile devices):
Do not select Immediately if you have any managed mobile devices. If you select this option, the connection with all managed devices will be lost, since the new certificate will not be delivered to devices, and the previous certificate will no longer be valid.
- In the main menu, click the settings icon () next to the name of the Administration Server.
The Administration Server properties window opens.
- In the Administration Server properties window, select General → Certificates.
- If you plan to continue using the certificate issued by Kaspersky Security Center:
- Click Reissue.
- In the window that opens:
- In the Connection address section, select Use old connection address or Change connection address to, if a new connection address will be used.
- In the Activate new certificate section, select Immediately.
- Click OK.
Alternatively, if you plan to use your own custom certificate:
- Check whether your certificate meets the requirements of Kaspersky Security Center and Apple requirements for trusted certificates. If necessary, modify the certificate.
- Select the Other certificate option and click Manage certificate.
- In the window that opens, click Browse.
- In the window that opens, select the type of your certificate and then specify the certificate location and settings:
- If you select PKCS #12, click the Browse button next to the Public key field and specify the certificate file on your hard drive. If the certificate file is password-protected, enter the password in the Private key password field.
- If you select X.509, click the Browse button next to the Private key field and specify the private key on your hard drive. If the private key is password-protected, enter the password in the Private key password field. Then click the Browse button next to the Public key field and specify the public key on your hard drive.
- In the Activate new certificate section, select Immediately.
- Click Save.
- Click OK.
- Click Save to save the changes you have made.
The certificate is reissued as the main Administration Server certificate.
For more information about certificates, please refer to the Kaspersky Security Center Help.