How to add a Kaspersky root certificate to the Mozilla Firefox or Thunderbird certificate storage
Show applications and versions that this article concerns
- Kaspersky Standard, Plus, Premium
- Kaspersky Security Cloud
- Kaspersky Internet Security
- Kaspersky Anti-Virus
- Kaspersky Total Security
- Kaspersky Small Office Security
- Kaspersky Free
Browsers use root certificates to check the security and authenticity of websites and to encrypt data transmitted between the user's browser and a website.
Many third-party applications and browsers, such as Google Chrome, use root certificates from the system store of the operating system. Some applications use their own certificate stores, such as Thunderbird and Firefox version 115 or lower installed on Windows 7.
During installation of a Kaspersky application, a Kaspersky root certificate is added to the certificate system store. To prevent errors of encrypted traffic control, the Kaspersky application reconfigures Firefox and Thunderbird to use the certificate system store. Thus, before connecting, the browser verifies a website using certificates from the system store, where the Kaspersky application certificate is located.
If the browser uses the Mozilla certificate storage, you should add the Kaspersky root certificate to the system store manually using the guide below. Otherwise, the browser will be unable to open HTTPS-pages.
How to add a Kaspersky root certificate to the Mozilla Firefox or Thunderbird certificate store
- Open Control Panel. For instructions, see the Microsoft support website.
- Open Internet Options.
- Go to the Content tab and click Certificates.
- Go to the Trusted Root Certificate Authorities tab, select the Kaspersky root certificate and click Export.
- Complete the export in the Certificate Export Wizard:
- Click Next → Next, leave the export settings default.
- In the File name field, enter the full path to the folder where you want to export the certificate to. Specify the name of the file with the .cer extension. For example: С:\Users\Administrator\Documents\Kaspersky Lab.cer
Click Next.
- Click Done.
- Open Mozilla Firefox.
- Click
→ Options.
- Open Privacy and Security, scroll down and click View Certificates.
- Go to the Authorities tab and click Import.
- Select the certificate you got at step 5.
- Select Trust this CA to identify websites and Trust this CA to identify email users. Click OK.
If you remove the Kaspersky application and then install a newer application version, you may need to add the root certificate again using these instructions.
How to manually reconfigure Mozilla Firefox and Thunderbird to make them use the certificate system store
- Open your browser: Mozilla Firefox or Thunderbird.
- If you are using:
- Thunderbird: go to Options → General and click Config editor.
- Mozilla Firefox: enter about:config in the address bar. Click Accept the Risk and Continue.
- In the search field, enter security.enterprise_roots.enabled.
- Switch the
toggle to true. If the toggle is grayed out (inactive), the Kaspersky application has its settings applied in the browser. You don't need to make any changes.
- Make sure that the string is switched to true.
Mozilla Firefox and Thunderbird will be reconfigured to use the certificate system store.