Kisco Systems
iResetMe
iResetMe : Support : Browser Security Exceptions

Many iResetMe customers have reported the problem of receiving a security warning from their browser when starting a browser session with iResetMe. We have done testing on the popular browsers such as Microsoft Internet Explorer (IE), FireFox and Google Chrome. Review the following information about generating a correct digital certificate, then check the specific instructions for the browsers shown.

In the creation of the digital certificate, we have found that the "Common name" that was recommended in our configuration instructions prior to release 2.15 of iResetMe was incorrect. If you installed using Release 2.14 or eariler, you will have to create a new digital certificate. If you installed from 2.15 or later, you can skip down to the Set Up Instructions for your browser.

To determine the correct "Common name" go to a terminal session on your IBM i and go to the IBM menu named CFGTCP (GO CFGTCP). Run option #12 and make a note of the Host Name and Domain Name that are shown. Put these two together to form your common name. For example, if your Host Name is MYHOST and your Domain Name is MYDOMAIN.COM, then your common name will be MYHOST.MYDOMAIN.COM. Then, make sure that you can PING this name from the command line in your terminal session. It should return the IP address of your IBM i system. If not, then you will have to use menu option #10 on the CFGTCP menu to create a valid entry for your common name that points to the IP address of your IBM i system.

Before you continue with any browser, we recommend that you create a new digital certificate (with a new name) using the correct "Common name" and then assign the new certificate to the IRESETME application. Then, test it to make sure that it works before continuing.

FireFox Set Up Instructions

When you see the warning message This Connection Is Untrusted, follow this procedure:

  1. Click on the I Understand the Risks link
  2. In the additional dialog box that opens, click on the link for Add Exception...
  3. Verify the Location showing
  4. Make sure that the Permanently store this exception box is checked
  5. Click on the Confirm Security Exception
  6. The next time you start a browser session with iResetMe, it should work without an exception message.

IE Set Up Instructions

To set up IE to recognize this new certificate, do the following:

  1. Start an iResetMe logon session in your browser.
  2. When you get the warning panel, select the option to Continue to this website (not recommended).
  3. When the page is displayed, click on the red portion of the address bar that reads Certificate Error
  4. In the information window that opens, click on View Certificates
  5. Click on the Certification Path tab
  6. Highlight on the top most folder showing in the tree - this is the ROOT Certificate - then click on View Certificate
  7. On the following dialog click Install Certificate
  8. A welcome to the Certificate Import Wizard will appear - click Next
  9. On the following box, select the second option (Place all certificates in the following store), then click on the Browse option. In the list that is displayed, highlight the "Trusted Root Certification Authorities" entry and click OK
  10. On the next panel, click Finish
  11. Another warning panel will be displayed, click on Yes to complete the installation of the certificate
  12. Close the certificate properties box and end your browser session.
  13. The next time you start a browser session with iResetMe, it should work without an exception message.

Alternate IE Set Up Instructions

An alternate to the above approach for IE has also been identified as follows:

  1. In IBM's Digital Certificate Manager (DCM), select the option to "Install Local CA Certificate on Your PC".
  2. When the page is displayed, specify the "Copy and paste certificate" option.
  3. When the text for the certificate is displayed, copy and paste it into a text document on your PC and save that document.
  4. On the PC to be used to access iResetMe, go to the control panel settings and open the Internet Options.
  5. Select the "Certificates" button.
  6. Select the "Trusted Root Certification Authorities" and use the import function to add the Local CA Authority from the text file created in step 3 above.

At this point, any certificate issued by your IBM i Local CA Authority will be trusted by this PC.


Chrome Set Up Instructions

When you first try to access the site, you will get a warning screen. When this is displayed, do the following:

  1. Click on the "Advanced" box in the lower left corner of the screen
  2. Click on the "Proceed to (not recommended) at the bottom of the next screen.
  3. Your page will be shown and Chrome will remember this override so that it does not come up again.

MS Edge (Win 10) Set Up Instructions

When you first try to access the site, you will get a warning screen. When this is displayed, do the following:

  1. Click on the "Advanced" box in the lower left corner of the screen
  2. Click on the "Proceed to (not recommended) at the bottom of the next screen.
  3. Your page will be shown and Edge will remember this override so that it does not come up again.

We are still researching options for other browsers. Keep an eye on this space for details.