Managing TLS certificates

Support

Support for business applications

Kaspersky Secure Mail Gateway

Using the TLS protocol in the operation of Kaspersky Secure Mail Gateway

Managing TLS certificates

26 April 2024

ID 207395

Processing messages transmitted over encrypted TLS connections requires a TLS certificate. When you create a cluster, the application automatically creates a self-signed certificate and uses is as the active certificate. This certificate is displayed in the table of TLS certificates as Default Cert.

If you do not want to use this default certificate, you can add one or more TLS certificates and make one of the added certificates active. The other certificates are displayed in the table with the switch turned off. You can make a different certificate active at any time.

You can use certificates of the following types:

A comparison of certificate types supported by the application is provided in the following table.

Comparison of supported certificate types

Property	Self-signed	CSR-based	PFX
Must use a certification authority	No	Yes	Yes
The private key of the certificate is stored outside of the cluster	No	No	Yes
Can manually configure the certificate	Can populate only some fields	Can populate only some fields	Yes

In this section

Adding a self-signed certificate

Adding a CSR-based certificate

Adding a PFX certificate

Viewing certificate information

Making a certificate active

Downloading a certificate

Deleting a certificate

Kaspersky Endpoint Security for Business Advanced: Adaptive security of your company

Web and device controls. Data encryption. Centralized and convenient management from a single console.

Kaspersky Premium Support (MSA): High‑priority incident processing

Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.