The procedures in this section show you how to add the self-signed certificates generated during Kaspersky CyberTrace installation to the trusted storage. This will remove the security warnings generated by browsers.
The information in this section is applicable to the situation when a user gains access to CyberTrace Web from the same computer on which CyberTrace Web runs. If the GUISettings > HTTPServer > ConnectionString
element of the Feed Service configuration file refers to an external interface, the CyberTrace Web website will not be considered trusted, because the self-signed certificate can be used only with the https://127.0.0.1
and https://localhost
addresses.
To avoid potential security risks, we recommend using a trusted certificate signed by a certificate authority (CA). For more information, see section "Generating certificates for CyberTrace Web".
Causing a self-signed certificate to be trusted by a browser (CyberTrace Web is opened in Internet Explorer installed on a Windows system)
Gaining the browser's trust requires that you perform, in sequence, the following three procedures:
To save the certificate to a local file:
https://127.0.0.1
or https://localhost
address in Internet Explorer.The browser informs you of a problem with the security certificate of the website.
Certificate error message
The Certificate Error message appears in the address bar.
The Untrusted Certificate window opens.
Untrusted Certificate window
The Certificate window opens with information about the CyberTrace certificate.
Certificate window
The Certificate Export Wizard starts.
Certificate Export Wizard
Use the default Wizard settings during the certificate export.
To start the certificate import process through Microsoft Management Console (MMC):
mmc
.You can now run MMC as Administrator.
Running the MMC
Selecting Add/Remove Snap-in
The Add or Remove Snap-ins window opens.
Adding a Certificates snap-in
The Certificates snap-in window opens.
Selecting Computer account
In the Select Computer window that opens, click Finish.
Selecting Local computer
Selecting Import
The Certificate Import Wizard starts.
To add the saved certificate to the Trusted Root Certification Authorities store:
Certificate Import Wizard
Importing the previously saved certificate
Selecting a certificate store
Completing the certificate import
The security problem (untrusted certificate) is resolved, as shown in the figure below.
Website identification
Causing a self-signed certificate to be trusted by a browser (CyberTrace Web opens in Google Chrome installed on a Windows system)
To make the self-signed certificate for CyberTrace Web trusted when using Google Chrome:
https://127.0.0.1
or https://localhost
address in Google Chrome.A warning is displayed in the address bar that the connection to the site is not secure.
A window opens with security details about the website.
Security details
The Certificate Export Wizard starts.
Certificate Export Wizard
Use the default Wizard settings during the certificate export.
Causing a self-signed certificate to be trusted by a browser (CyberTrace Web opens in Mozilla Firefox)
You add CyberTrace Web to the list of Mozilla Firefox trusted web addresses so that the browser will not display warnings about the certificate.
Causing a self-signed certificate to be trusted by a browser (CyberTrace Web opens in a browser for Linux)
Procedures for using a browser to import a certificate as trusted (on Linux systems) vary depending on the browser and Linux distribution used. But the procedures share common steps: to open the browser settings form and use the form to import the certificate to a store.
To manually cause a self-signed certificate to be trusted by a browser on a Linux system:
/usr/local/share/ca-certificates/
directory if it does not exist on your computer:mkdir /usr/local/share/ca-certificates/
cp <full path to the certificate> /usr/local/share/ca-certificates/
sudo update-ca-certificates
If you do not have the ca-certificates package, install it with your package manager.
Removing a certificate from the list of trusted ones
After you have reconfigured or uninstalled CyberTrace, old certificates are no longer used by CyberTrace. You can remove them from the list of trusted certificates.
To remove a certificate from the list of trusted certificates (on Windows):
certmgr.msc
Certificates management console
On a Linux system, the removal procedure is performed in a way that is similar to the addition of a certificate: open the list of the trusted certificates and remove those that you do not need.
Page top