Configuring encrypted connections scan in the command line

Special administration commands are provided in the command line for administering the settings for the encrypted connections scan. Using the commands for managing the settings for the encrypted connections scan, you can:

• Configure settings for the encrypted connections scan.
• View exclusions from the encrypted connections scan.
• Clear the list of domains that the application automatically excluded from the scan.
• Configure the list of trusted root certificates that the application uses when scanning encrypted connections.

Viewing and editing settings for encrypted connections scan

Using the commands for managing the settings for the encrypted connections scan, you can:

• Output the current values of the settings for the encrypted connections scan to the console or to a configuration file. You can use this file to edit the settings.
• Edit all the settings for the encrypted connections scan using the configuration file that contains the settings. You can get the configuration file using the command for displaying settings for the encrypted connections scan.
• Edit individual settings using command line options in the format <setting name>=<setting value>. You can get the current values of the settings using the command for displaying the settings for the encrypted connections scan.

To output the current values of the settings of the encrypted connections scan to the console, execute the following command:

kess-control --get-net-settings [--json]

where --json is specified to output the settings in JSON format. If the --json option is not specified, the settings are output in the INI format.

To output the current values of the settings for the encrypted connections scan to a file, execute the following command:

kess-control --get-net-settings --file <path to configuration file> [--json]

where:

• --file <configuration file path> is the path to the configuration file where the settings for the encrypted connections scan will be saved. If you specify the name of a file without specifying its path, the file will be created in the current directory. If a file with the specified name already exists in the specified path, it will be overwritten. If the specified directory cannot be found on the disk, file will not be created.
• --json is specified to output the settings in JSON format. If the --json option is not specified, the settings are output in the INI format.

To edit the values of the settings for the encrypted connections scan using a configuration file:

1. Output the general application settings to a configuration file, as described above.
2. Edit the values of the necessary parameters in the file and save the changes.
3. Execute the command:

   kess-control --set-net-settings --file <path to configuration file> [--json]

   where:

   • --file <configuration file path> is the full path to the configuration file with the settings for the encrypted connections scan.
   • --json is specified to import the settings from the configuration file into the application in JSON format. If the --json option is not specified, the application attempts to import from an INI file. If the import fails, an error is displayed.

All the values of the settings for the encrypted connections scan defined in the file will be imported into the application.

To edit the values of the settings for the encrypted connections scan using the command line, execute the following command:

kess-control --set-net-settings <setting name>=<setting value> [<setting name>=<setting value>]

where <setting name>=<setting value> is the name and value of one of the settings for the encrypted connections scan.

The values of the specified settings for the encrypted connections scan will be changed.

Viewing exclusions from encrypted connections scan

You can view the following lists of exclusions from the encrypted connections scan:

• a list of exclusions added by the user;
• a list of exclusions added by the application;
• list of exclusions received from the application databases.

To view the list of secure connection scan exclusions added by a user, execute the following command:

kess-control -N --query user

To view the list of secure connection scan exclusions added by a user, execute the following command:

kess-control -N --query auto

To view the list of secured connection scan exclusions received from the application databases, execute the following command:

kess-control -N --query kl

To clear a list of domains that the application automatically excluded from scan, execute the following command:

kess-control [-N] --clear-web-auto-excluded

Managing the list of trusted root certificates

To add a certificate to the list of trusted root certificates, run the following command:

kess-control --add-certificate <path to certificate>

where:

<path to certificate> is the path to the certificate file that you want to add (PEM or DER format).

To remove a certificate from the list of trusted root certificates, run the following command:

kess-control --remove-certificate <certificate subject>

To view the list of trusted root certificates, execute the following command:

kess-control --list-certificates

The following information is displayed for each certificate:

• certificate subject
• serial number
• certificate issuer
• certificate start date
• certificate expiration date
• SHA256 certificate fingerprint