Adding Kaspersky certificate to the own certificate store

Support

Support for business applications

Kaspersky Endpoint Security 12 for Windows

Computer protection

Encrypted connections scan

Adding Kaspersky certificate to the own certificate store

April 16, 2024

ID 202714

Get as PDF

Browsers and mail clients use the certificate to verify the security and authenticity of web resources. The certificate also provides data encryption between web resources and the user. Most browsers and mail clients use the trusted certificate store (Windows certificate store). For example, Google Chrome. Some browsers and mail clients use their own certificate store by default instead of the Windows certificate store. For example, Firefox and Thunderbird.

After installation, Kaspersky Endpoint Security adds a Kaspersky certificate to the system storage for trusted certificates (Windows certificate store). If Kaspersky Security Center is deployed in your organization and a policy is being applied to a computer, Kaspersky Endpoint Security automatically enables the use of Windows certificate store in browsers and mail clients to scan the traffic of these applications. If a policy is not being applied to the computer, you can choose the certificate store that will be used by browsers and mail clients. If you selected the own certificate store, add the Kaspersky certificate to the store manually. This will help avoid errors when working with HTTPS traffic.

To scan traffic in the Mozilla Firefox browser and the Thunderbird mail client, you must enable the Encrypted Connections Scan. If Encrypted Connections Scan is disabled, the application does not scan traffic in the Mozilla Firefox browser and Thunderbird mail client. Encrypted connections scan should also be enabled to scan traffic in MyOffice Mail and R7-Office Organizer mail clients.

Prior to adding a certificate to the own certificate store of your browser or mail client, export the Kaspersky certificate from the Windows Control Panel (Internet properties). For details about exporting the Kaspersky certificate, please refer to the Technical Support Knowledge Base. You can learn more about adding a certificate to the store, for example, on the Mozilla technical support website.

You can choose the certificate store only in the local interface of the application.

To choose a certificate store for scanning encrypted connections in browsers and mail clients:

In the main application window, click the button.
In the application settings window, select General settings → Network settings.
In the Encrypted connections scan block, select the Use the selected certificate store to scan encrypted connections in Mozilla applications check box.
Select a certificate store:
- Windows certificate store (recommended). The Kaspersky root certificate is added to this store during installation of Kaspersky Endpoint Security.
- Certificate store from Mozilla Firefox browser settings. Mozilla Firefox and Thunderbird use their own certificate stores. If the Mozilla certificate store is selected, you need to manually add the Kaspersky root certificate to this store through the browser properties.
  MyOffice Mail and R7-Office Organizer mail clients also use their own certificate store.
Save your changes.

Kaspersky Endpoint Security for Windows: Detection of advanced threats

Control systems which prevent damage from the sensitive data theft. Management from a single console. Buy as part of Endpoint Security for Business Advanced.

Kaspersky Premium Support (MSA): High‑priority incident processing

Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.