Managing trusted certificates
December 13, 2023
When establishing an encrypted connection over the HTTPS protocol, the security certificate of the requested web resource is verified on the user's computer. In some cases, the browser may not trust the provided certificate (for example, if it is self-signed or contains errors). If this is the case, the user will see a warning about an unsafe connection.
If you are certain that the web resource is safe and do not want to verify the certificate upon each connection, you can add this certificate to the local storage of trusted root certificates on the user's computer. This procedure will have to be repeated manually on all computers that establish a connection with the specific web resource.
To avoid having to repeat this operation multiple times, you can add the certificate fingerprint to the list of trusted certificates of Kaspersky Web Traffic Security. The proxy server will relay the certificate of the requested web resource with the Trusted status to the user's computer. The user will not see the notification about an unsafe connection.
It is recommended to add trusted certificates only for web resources to which the Bump action is applied according to the SSL rule settings. When other actions are applied, the proxy server does not intercept the security certificate and cannot assign the Trusted status to it.
The list of trusted certificates is generated on the node with role Control, and is then applied on all cluster nodes.