How to generate a trusted root certificate and set up PreVeil Trusted Devices

How to generate a trusted root certificate and set up PreVeil Trusted Devices

What is a Trusted Root Certificate?

A Root SSL certificate is a certificate issued by a trusted certificate authority (CA).

A trusted certificate authority is an entity that’s entitled to verify someone is who they say they are. In order for this model to work, all participants must agree on a set of trusted CAs. All operating systems and most web browsers ship with a set of trusted CAs.

How do I create a trusted Root Certificate?

image-20240909-174305.png
image-20240909-174330.png
image-20240909-174411.png
image-20240909-174431.png

source

Installing a trusted root certificate.

You can install a trusted root certificate by following these steps: 

  1. From your web certificate browser.

    1. Select Download a CA certificate, certificate chain, or CRL link,  more here

    2. Select the certificate of authority and choose Base 64 Encoding, more here

    3. Select Download CA certificate and then Open 

    4. In the certificate window, select Install Certificate 

    5. In the Certificate Import wizard, select Next


  1. From the machine that receives the certificate, navigate to your web browser, local certification server. This should be the same certificate used for client certificates.

  2. Choose Download a CA certificate, certificate chain, or CRL link.

  3. From the list select the appropriate certificate of authority then choose the Base 64 Encoding method.

  4. Click the Download CA certificate link and then the Open option from the open or save the certificate window.

  5. Next, from the certificate window, select Install Certificate…. to open the Certificate Import wizard.

  6. Select Next in the wizard. Next choose Place all certificates in the following store from the Certificate Stores and then the Trusted Root Certification Authorities store.

  7. Complete the wizard steps and click Finish.

  8. Reboot the computer.

 

more found here

 

PreVeil Setup

  1. As the administrator, go to http://127.0.0.1:4003/admin/device-settings

  2. Open the root certificate with a text editor and copy its contents

  3. Add a Trusted Root Certificate

    image-20250509-151516.png

Paste the contents of the root certificate and save.

image-20250509-151739.png
  1. Restart your computer for the changes to take effect.

  2. On the end-user devices, import the server certificate to the local computer’s personal store. Instructions for Windows 10+

    1. Press Win + R to open the Run dialog

    2. Type "certlm.msc" and press Enter to open the Local Computer Certificate Manager

    3. In the left pane, expand "Personal"

    4. Right-click on "Certificates"

    5. Select All Tasks > Import

    6. When the Certificate Import Wizard opens, click Next

    7. Click Browse and locate your server certificate file (.cer, .crt, or .p7b format)

    8. Click Next

    9. Select "Place all certificates in the following store"

    10. Verify "Personal" is selected as the certificate store

    11. Click Next

    12. Click Finish to complete the import

    13. You should see a confirmation that the import was successful

    14. Restart your computer for the changes to take effect