Managing certificates in the thin client interface

Kaspersky Thin Client does not check to see if the certificate is on the Certificate Revocation List.

About certificates for connecting to Kaspersky Security Center

If the Kaspersky Security Center administrator replaces the certificate for connecting to Kaspersky Security Center, some cases may require confirmation of the certificate replacement. For example, this may be required if the thin client was turned off for a long time, has not synchronized with Kaspersky Security Center, and the certificate previously used to connect to Kaspersky Security Center has expired.

To confirm replacement of the mobile certificate for connecting to Kaspersky Security Center:

1. Turn on Kaspersky Thin Client.
2. In the Certificate must be replaced window that opens, view and memorize the confirmation code and provide it to the Kaspersky Security Center administrator. The administrator contact details are provided in the Certificate must be replaced window. The Kaspersky Security Center administrator sends you a certificate replacement code in response.
3. Click Next.
4. In the Certificate replacement code window that opens, enter the code provided by the Kaspersky Security Center administrator and click the Confirm button.

As a result, the new certificate for connecting to Kaspersky Security Center will be saved in the Kaspersky Thin Client certificate store and will be subsequently used to connect to Kaspersky Security Center.

About certificates used to connect to a remote environment and to a log server

If a thin client is not connected to Kaspersky Security Center and the administrator has not assigned certificates for it in the Web Console, a user could also connect to nodes and use certificates that are not controlled by the administrator. You are advised to configure the connection of a group of thin clients to a log server and to a remote environment only using certificates that were assigned by the administrator in the Web Console. These measures will help prevent Kaspersky Thin Client from connecting to untrusted nodes.

You can use or reject a certificate in the Kaspersky Thin Client interface in the following cases:

• When connecting Kaspersky Thin Client to Kaspersky Security Center for the first time.
• When connecting to a remote environment for the first time.
• When connecting to a log server for the first time.

Accepted certificates are saved in the system store of Kaspersky Thin Client.

If a thin client is included in an administration group and this group has been assigned certificates in the Web Console, you will not be able to manage the certificates in the Kaspersky Thin Client interface.