|
|
The trading platform provides an option of extended authentication using SSL certificates, which greatly increases the safety of the system. The extended authentication can be enabled on the server. When it is enabled, the standard authentication is still active. In any case, users need to enter their account details.
|
Order of Generating and Receiving a Certificate
When trying to login using an account with the extended authentication, you will need to go through standard authentication. After that, the trade server sends a request to the trading platform to generate two keys: private and public. The public key is sent to the trade server.
Based on the account data, the server generates a certificate and signs it with its private key (the server's private key signature guarantees that the certificate cannot be falsified). After that a window appears in the trading platform, in which you need to enter the password to protect the certificate:
The following fields and settings are available in this window:
- Password — a password for the certificate installation;
- Confirm password — confirmation of the password to avoid mistyping;
- Add the certificate to the Windows storage — if this option is enabled, the certificate is automatically installed to the operating system storage. If you install the certificate to the system storage, then you can choose not to keep the PFX file of the certificate on the hard disk in the folder /platform_folder/config/certificates. The platform checks the certificate in the system storage or in the specified folder on the hard disk.
The password for the certificate must contain at least two types of symbols (lower case, upper case, digits), and be at least 5 characters long. |
After the required data are specified, press "Continue". The certificate is packed and protected by the specified password. The resulting certificate file *.pfx is stored in /platform_folder/config/certificates, from which it can be relocated later. The certificate files are named according to the following rule: Login_ID_Name.pfx, where:
- Login is the account number;
- ID is a short name of the company the account was opened in;
- Name is the name of a client specified when creating the account.
|
Authentication
Further, each time you connect in the extended authentication mode, you will need to enter the certificate password together with the main account details:
Confirmation of Certificates
An additional mode of certificate confirmation can be enabled on the server to significantly increase the safety of the platform. Until the certificate is confirmed, connection is only possible in the investor mode without the possibility to trade.
In this mode, after a certificate is received, a special email is sent to the platform, describing actions to be taken to confirm the certificate (for example, call the number specified and confirm user identity). The email can be viewed on the Mailbox tab of the Toolbox window.
Once the certificate is confirmed, a user can trade from this account.
|
Move Certificates to Another PC
To connect to an account with an extended authentication, a user requires a certificate. To work with the account on several computers or on a new computer, you need to move/copy the certificate.
To move the certificate, copy its PFX file from /platform_folder/config/certificates of the source computer to the same folder on the target computer.