The trading platform provides an option of extended authentication using SSL certificates, which greatly increases the safety of the system. The extended authentication can be enabled on the server. When it is enabled, the standard authentication is still active. In any case, users need to enter their account details.
When trying to login using an account with the extended authentication, you will need to go through standard authentication. After that, the trade server sends a request to the trading platform to generate two keys: private and public. The public key is sent to the trade server.
Based on the account data, the server generates a certificate and signs it with its private key (the server's private key signature guarantees that the certificate cannot be falsified). After that a window appears in the trading platform, in which you need to enter the password to protect the certificate:
The following fields and settings are available in this window:
The password for the certificate must contain at least two types of symbols (lower case, upper case, digits), and be at least 5 characters long.
After the required data are specified, press "Continue". The certificate is packed and protected by the specified password. The resulting certificate file *.pfx is stored in /platform_folder/config/certificates, from which it can be relocated later. The certificate files are named according to the following rule: Login_ID_Name.pfx, where:
Further, each time you connect in the extended authentication mode, you will need to enter the certificate password together with the main account details:
An additional mode of certificate confirmation can be enabled on the server to significantly increase the safety of the platform. Until the certificate is confirmed, connection is only possible in the investor mode without the possibility to trade.
In this mode, after a certificate is received, a special email is sent to the platform, describing actions to be taken to confirm the certificate (for example, call the number specified and confirm user identity). The email can be viewed on the Mailbox tab of the Toolbox window.
Once the certificate is confirmed, a user can trade from this account.
To connect to an account with an extended authentication, a user requires a certificate. To work with the account on several computers or on a new computer, you need to move/copy the certificate.
To move the certificate, copy its PFX file from /platform_folder/config/certificates of the source computer to the same folder on the target computer.
If the certificate was requested and generated via the desktop platform, you should transfer it to your iPhone/iPad or Android device if you want to be able to enter your account via that device.
The certificate is transferred securely via a trading server:
The certificate transfer is secure: the trading server is used solely as an intermediate storage, while encryption is performed at the user's side. The certificate password is not transferred or stored on the trade server.
Connect to the account via the desktop platform and select "Transfer SSL certificate to mobile device" in its context menu:
Specify the master password of the account to confirm that it belongs to you. Next, set the password to be used to protect the certificate before sending it to the server or use an automatically generated random password. The password should consist of at least 8 digits.
After successfully sending the certificate to the server, open the mobile platform and connect to the account. You will be immediately offered to import the certificate. Agree and enter the password you have set during the transfer.
You can view the certificate in About – Certificates.
You can transfer the certificate manually:
To view a certificate used for the account in the extended authentication mode click on "Certificate" on the Server tab.
The following certificate details are displayed here:
The public part of the certificate (without the private key) can be exported to a file.
Do not submit your certificate pfx file containing the private key to anyone. This file is generated during the first connection in the extended authentication mode and is stored in /platform_folder/config/certificates.
To export the public part of your certificate, move to the Details tab and click "Copy to File":
Follow the instructions of Certificate Export Wizard. Select the file format for export after the greeting message:
Specify a file name and complete the export process.
The extended authentication option cannot be used in the web platform and in the Signals service. If extended authentication is used on an account, you cannot connect to this account via the web platform or register it to provide trading signals. However, copying of signals to an account with extended authentication is possible.