#install #security #certificate
I have a web service that uses a self-signed certificate, so I need to install the certificate as a Trusted Root so that I can avoid all the security errors that having a self-signed certificate brings with it.
Using Windows 7, I’m going to:
Start Internet Explorer Run as Administrator Tools Internet Options Content Certificates Trusted Root Certification Authorities Import (select file) Next OK. and Windows reports Import Successful
However, the import is NOT successful. The certificate does not show in the list of trusted roots, and certificate errors still show up.
If I import the certificate into the Trusted Publishers container, it imports correctly, but this does not solve my security errors.
Thanks to the link posted by harrymc. I spent almost a day investigating this problem and figured out it was Windows Server 2008 default domain policy.
I suspect this problem only applies to Windows PC in a domain network environment. The default domain policy doesn’t allow user to install additional certificate to Trusted Root Certification Authorities, but the worst thing is if you tried Windows 7 will still say “Import Successfull” anyway.
If you want to check whether your domain policy allow you to install certificate to Trusted Root Certification Authority, when importing the cert via certmgr.msc manually select the store and tick ‘Show physical stores’. You should be able to place the cert into Trusted Root Certification Authorities\Local Computer
If you can’t see above, then it has to be enabled via group policy editor on your Windows Server Domain Controller (client PC restart is required for it to take effect):
When configuring Telerik’s Fiddler to handle HTTPS, I could not get root certificate installed. The error was “Failed to find the root certificate in User Root List”. I solved the problem by temporarily turning off WebRoot, my antivirus program, then reattempting to enable HTTPS handling which installs Fiddler’s root certificate. You may have to click the Action button on the HTTPS tab to remove/reset previous certificates before being able to create a new certificate.
answered Apr 24 at 14:11