Yesterday I wrote about how to create eDirectory SSL certificates with alternate names to use across round robin DNS load balanced web servers. Today I’ll discuss how to import the Organizational Root CA certificates into Internet Explorer to get rid of the Security Alert pop-ups.
To begin with, only a few Trusted Root Certification Authority certificates are included in Internet Explorer or any other web browser. It wouldn’t be practical to include every CA, so the browser authors select a few of the most widely used CAs to include with their software. Unless you work for Verisign or another large CA, your organizations’s Root CA certificate is probably not going to be on this list, so we’ll have to import the certificate on each web browser that will need a secure SSL connection to the web server.
The following instructions were validated with Internet Explorer 6. IE7 and other browsers may require different steps, but the concepts are the same.
To import the Organizational Root CA certificate from a web server
1) Browse to the https enabled web server
2) At the Security Alert popup, press View Certificate
3) Select the Certification Path tab
4) Highlight Organizational CA
5) Select View Certificate
6) Select Install Certificate – Next
7) Select Place all Certificates in the Following Store – Browse
8 ) Select Show Physical Stores
9) Expand Trusted Root Certification Authorities
10) Highlight Local Computer – OK – Next – Finish
11) Press OK when you are notified the import is successful
12) OK – OK – No
13) Close and reopen Internet Explorer. Verify the Security Certificate is from a trusted certifying authority. This means the CA is now trusted.
To import the Organizational Root CA certificate from a file
1) Obtain the certificate file from your administrator and save it locally
2) Right click the certificate and select Install Certificate – Next
3) Choose Place all certificates in the following store – Browse
4) Highlight Show Physical Stores
5) Expand Trusted Root Certification Authorities
6) Highlight Local Computer – OK – Next – Finish
7) Press OK when you are notified the import is successful
8 ) Open Internet Explorer. You should not receive the security alert when accessing the https enabled web server. This means the CA is now trusted.