Adding the self-signed certificate as trusted to a browser (Windows)

The procedures in this section show you how to add the self-signed certificates generated during Kaspersky Scan Engine installation to the trusted storage. This will remove the security warnings generated by browsers.

The information in this section is applicable to the situation when the user gains access to Kaspersky Scan Engine GUI from the same computer on which Kaspersky Scan Engine GUI runs. If the Settings > ServerSettings > ConnectionString element of the Kaspersky Scan Engine configuration file refers to an external interface, the Kaspersky Scan Engine GUI website will not be considered trusted, because the self-signed certificate can be used only with https://127.0.0.1 and https://localhost addresses.

To avoid potential security risks, it is recommended to use a trusted certificate signed by a certificate authority (CA). For more information, see section "Generating SSL certificates for Kaspersky Scan Engine GUI".

Causing a self-signed certificate to be trusted by a browser (Kaspersky Scan Engine GUI is opened in Internet Explorer)

Gaining the browser's trust requires that you perform, in sequence, the following three procedures:

To save the certificate to a local file:

1. Open the https://127.0.0.1 or https://localhost address in Internet Explorer.

   The browser informs you of a problem with the security certificate of the website.

   

   Certificate error message

2. Select the Continue to this website (not recommended) link.

   The Certificate Error message appears in the address bar.

3. Click Certificate Error.

   The Untrusted Certificate window opens.

   

   Untrusted Certificate window

4. Select the View certificates link.

   The Certificate window opens with information about the Kaspersky Scan Engine certificate.

   

   Certificate window

5. Select the Details tab and click Copy to File to create a local copy of the certificate.

   The Certificate Export Wizard starts.

   

   Certificate Export Wizard

6. Follow the Wizard instructions.

   Use the default Wizard settings during the certificate export.

To start the certificate import process through Microsoft Management Console (MMC):

1. From the Search box, navigate to the Run box and enter mmc.

   You can now run MMC as Administrator.

   

   Running the MMC

2. In the MMC-based console that opens, select File > Add/Remove Snap-in.

   

   Selecting Add/Remove Snap-in

   The Add or Remove Snap-ins window opens.

3. In the Available snap-ins list, select Certificates and click Add.

   

   Adding a Certificates snap-in

   The Certificates snap-in window opens.

4. Select Computer account and click Next.

   

   Selecting Computer account

   In the Select Computer window that opens, click Finish.

   

   Selecting Local computer

5. In the tree pane, select Certificates (Local Computer) > Trusted Root Certification Authorities, right-click Certificates, and select All Tasks > Import.

   

   Selecting Import

   The Certificate Import Wizard starts.

To add the saved certificate to the Trusted Root Certification Authorities store:

1. On the Welcome page of the Wizard, click Next.

   

   Certificate Import Wizard

2. Click Browse and select the certificate that was saved in the "To make the self-signed certificate for Kaspersky Scan Engine GUI trusted when using Internet Explorer:" procedure above.

   

   Importing the previously saved certificate

3. On the next page of the Certificate Import Wizard, click Next.

   

   Selecting a certificate store

4. On the last page of the Certificate Import Wizard, click Finish.

   

   Completing the certificate import

5. Close the MMC-based console and restart the browser.

   The security problem (untrusted certificate) is resolved, as shown in the figure below.

   

   Website identification

Causing a self-signed certificate to be trusted by a browser (Kaspersky Scan Engine GUI opens in Google Chrome)

To make the self-signed certificate for Kaspersky Scan Engine GUI trusted when using Google Chrome:

1. Open the https://127.0.0.1 or https://localhost address in Google Chrome.

   A warning is displayed in the address bar that the connection to the site is not secure.

2. Click the Not secure message.

   A window opens with security details about the website.

3. Click Certificate to view the certificate information. (When the mouse pauses over Certificate, a Show certificate tooltip appears.)
4. In the Certificate window that opens, select the Details tab and click Copy to File to create a local copy of the certificate.

   The Certificate Export Wizard starts.

   

   Certificate Export Wizard

5. Follow the Wizard instructions.

   Use the default Wizard settings during the certificate export.

6. After the certificate is saved to a local disk, open it and add it to the Trusted Root Certification Authorities store as described in the procedure for Internet Explorer.
7. Restart the browser.

Causing a self-signed certificate to be trusted by a browser (Kaspersky Scan Engine GUI opens in Mozilla Firefox)

You add Kaspersky Scan Engine GUI to the list of Mozilla Firefox trusted sites so that the browser will not display warnings about the certificate.

Removing a certificate from the list of trusted ones

After you have reconfigured or uninstalled Kaspersky Scan Engine, old certificates are no longer used by Kaspersky Scan Engine. You can remove them from the list of trusted certificates.

To remove a certificate from the list of trusted certificates:

1. Open the Certificates management console by running the following command:

   certmgr.msc

2. In the tree pane, select Trusted Root Certification Authorities > Certificates.

   

   Certificates management console

3. In the results pane, right-click the added certificate and select Delete.

Page top