How to generate a trusted root certificate and set up PreVeil Trusted Devices
What is a Trusted Root Certificate?
A Root SSL certificate is a certificate issued by a trusted certificate authority (CA).
A trusted certificate authority is an entity that’s entitled to verify someone is who they say they are. In order for this model to work, all participants must agree on a set of trusted CAs. All operating systems and most web browsers ship with a set of trusted CAs.
How do I create a trusted Root Certificate?
Installing a trusted root certificate.
You can install a trusted root certificate by following these steps:
From your web certificate browser.
From the machine that receives the certificate, navigate to your web browser, local certification server. This should be the same certificate used for client certificates.
Choose Download a CA certificate, certificate chain, or CRL link.
From the list select the appropriate certificate of authority then choose the Base 64 Encoding method.
Click the Download CA certificate link and then the Open option from the open or save the certificate window.
Next, from the certificate window, select Install Certificate…. to open the Certificate Import wizard.
Select Next in the wizard. Next choose Place all certificates in the following store from the Certificate Stores and then the Trusted Root Certification Authorities store.
Complete the wizard steps and click Finish.
Reboot the computer.
more found here
PreVeil Setup
As the administrator, go to http://127.0.0.1:4003/admin/device-settings
Open the root certificate with a text editor and copy its contents
Add a Trusted Root Certificate
Paste the contents of the root certificate and save.
Restart your computer for the changes to take effect.
On the end-user devices, import the server certificate to the local computer’s personal store. Instructions for Windows 10+
Press Win + R to open the Run dialog
Type "certlm.msc" and press Enter to open the Local Computer Certificate Manager
In the left pane, expand "Personal"
Right-click on "Certificates"
Select All Tasks > Import
When the Certificate Import Wizard opens, click Next
Click Browse and locate your server certificate file (.cer, .crt, or .p7b format)
Click Next
Select "Place all certificates in the following store"
Verify "Personal" is selected as the certificate store
Click Next
Click Finish to complete the import
You should see a confirmation that the import was successful
Restart your computer for the changes to take effect