Administration Server certificate

Two operations—Administration Server authentication during connection by Administration Console and data exchange with devices—are performed based on the Administration Server certificate. The certificate is also used for authentication when master Administration Servers are connected to slave Administration Servers.

Certificate issued by Kaspersky Lab

The Administration Server certificate is created automatically during installation of the Administration Server component and is stored in the %ALLUSERSPROFILE%\Application Data\KasperskyLab\adminkit\1093\cert folder.

The Administration Server certificate is valid for five years. A new certificate is delivered to the Administration Server 90 days before the expiration date of the current certificate. Subsequently, the new certificate automatically replaces the current certificate one day before the expiration date. All Network Agents on the client devices are automatically reconfigured to authenticate the Administration Server with the new certificate.

Third-party certificates

If necessary, you can assign a third-party certificate for the Administration Server. For example, this may be necessary for better integration with the existing PKI of your enterprise or for custom configuration of the certificate fields. When the certificate is replaced, all Network Agents that were previously connected to the Administration Server through SSL lose their connection and return "Administration Server authentication error". To eliminate this error, you will have to restore the connection after the certificate replacement.

To replace the Administration Server certificate manually:

  1. Use the klsetsrvcert utility to replace the certificate.

    From the command line, run the command with the following syntax:

    klsetsrvcert -t <type> {-i <inputfile> [-p <password>] | -g <dnsname>} [-l <logfile>]

  2. On the client devices, use the klmover utility to specify the new certificate and restore connection of the Network Agents to the Administration Server.

    From the command line, run a command with the following syntax:

    klmover [-address <server address>] [-pn <port number>] [-ps <SSL port number>] [-nossl] [-cert <path to certificate file>]

The Administration Server certificate is replaced and the server is authenticated by the Network Agents on the client devices.
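Before running the two steps above, the files can be checked so that a mismatch does not surface later as "Administration Server authentication error" on every client device. The PowerShell script below is an added example, not vendor code: it assumes the `-i <inputfile>` is a PKCS#12 container and that the file given to `klmover -cert` is the same certificate without its private key; the parameter names and the 90-day threshold are hypothetical.

```powershell
# Added example (not vendor code): pre-flight check of the files used in steps 1 and 2.
# Assumptions: -i <inputfile> is a PKCS#12 container; parameter names are hypothetical.
param(
    [Parameter(Mandatory)][string]$InputFile,   # file intended for klsetsrvcert -i
    [Parameter(Mandatory)][string]$AgentCert,   # file intended for klmover -cert
    [int]$MinDaysLeft = 90                      # hypothetical warning threshold
)
$ErrorActionPreference = 'Stop'
$X509 = [System.Security.Cryptography.X509Certificates.X509Certificate2]

# Prompt for the container password instead of taking it as a script argument.
$password = Read-Host -AsSecureString -Prompt "Password for $InputFile"

$server = $X509::new((Resolve-Path $InputFile).Path, $password)
$agent  = $X509::new((Resolve-Path $AgentCert).Path)
try {
    $now      = Get-Date
    $daysLeft = [int][math]::Floor(($server.NotAfter - $now).TotalDays)
    $problems = @()

    if (-not $server.HasPrivateKey) { $problems += 'container has no private key' }
    if ($now -lt $server.NotBefore) { $problems += "not valid until $($server.NotBefore)" }
    if ($now -gt $server.NotAfter)  { $problems += "expired on $($server.NotAfter)" }
    elseif ($daysLeft -lt $MinDaysLeft) { $problems += "only $daysLeft days of validity left" }

    # The certificate handed to the client devices must be the one the server will present.
    if ($agent.Thumbprint -ne $server.Thumbprint) {
        $problems += 'klmover certificate does not match the server certificate'
    }
    # Client devices need only the public certificate, never the private key.
    if ($agent.HasPrivateKey) { $problems += 'file for client devices contains a private key' }

    # Summary to record before the change.
    [pscustomobject]@{
        Subject    = $server.Subject
        Issuer     = $server.Issuer
        NotAfter   = $server.NotAfter
        Thumbprint = $server.Thumbprint
        Problems   = $problems
    }
    if ($problems) { Write-Error ('Do not replace yet: ' + ($problems -join '; ')) }
}
finally {
    $server.Dispose(); $agent.Dispose()
}
```

Recording the reported thumbprint gives a value to compare against when the Network Agents reconnect after the replacement.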

If the Administration Server certificate is lost, you must reinstall the Administration Server component and restore the data in order to recover it.
