You can use a user certificate for connecting Kaspersky Thin Client to Kaspersky Security Center. For detailed information about the requirements applied to Kaspersky Security Center certificates, see the Requirements for custom certificates used in Kaspersky Security Center section of the Kaspersky Security Center Online Help Guide. We recommend using a user certificate when migrating a group of devices running Kaspersky Thin Client to a new Kaspersky Security Center Administration Server. After the user certificate is created, it must be uploaded to the Web Console as a mobile certificate. You can use the OpenSSL tool to create a user certificate.
To create a user certificate for connecting Kaspersky Thin Client to Kaspersky Security Center using the OpenSSL tool:
openssl req -x509 -newkey rsa:2048 -keyout key.pem -out server.pem -days 729 -subj '/CN=mydomain.ru/C=RU/L=Moscow/O=My Organization Name/OU=My Organization Unit Name' -addext "keyUsage = digitalSignature, keyEncipherment, dataEncipherment, cRLSign, keyCertSign" -addext "extendedKeyUsage = serverAuth, clientAuth"
where:
-keyout key.pem is a name of the file in which the private key of the created certificate will be saved.-out server.pem is a name of the file in which the created certificate will be saved.-days is a setting that defines the validity term of the created certificate, in days. We recommend setting a certificate validity term of no more than 729 days.-subj '/CN=mydomain.ru/C=RU/L=Moscow/O=My Organization Name/OU=My Organization Unit Name' is data of your organization: domain name, location, name.As a result, the following two files will be created in the folder where you ran the command:
If necessary, you can convert a certificate file from PEM to DER format.
Page top