Creating a self-signed SSL certificate

These instructions are applicable if Kaspersky Web Traffic Security was installed from an RPM or DEB package to a ready-to-use operating system.

To create a self-signed SSL certificate:

1. Go to the Squid service folder. To do so, execute the command:

   cd /etc/squid

2. Create a self-signed SSL certificate. To do so, execute the command:

   openssl req -new -newkey rsa:2048 -days <certificate validity period in days> -nodes -x509 -keyout bump.key -out bump.crt

   You will be prompted to fill in the fields of the self-signed SSL certificate.

3. Please fill in the fields of the self-signed SSL certificate.

   The certificate file bump.crt and private key file bump.key will be created in PEM format.

   The private key file must be stored in a secure location to prevent unauthorized access to traffic.

4. Convert the certificate file into a trusted certificate in DER format so that it can be imported into a browser. To do so, execute the command:

   openssl x509 -in bump.crt -outform DER -out bump.der

5. Import the bump.der file into the list of trusted root certification authorities on users' computers.

   When using certain browsers (such as Mozilla Firefox), you must also add the certificate to the browser storage.

The self-signed SSL certificate will be created.

Page top