Certificates

[nfhopmike]

My remote access is throwing up an untrusted certificate error as follows: CA Root certificate is not trusted. To enable trust install this certificate in the Trusted Root Certification Authorities store. It is not offering an option to install the certificate.

I need assistance with this, can't find how to install the certificate in the store - can anyone help? I am using Windows 7 Home Premium on a Dell Studio XPS16

 

[Jacee]

If you're sure you want to trust it ... Windows root certificate program members

 

[nfhopmike]

Thanks Jacee - but I could really do with a step-by-step guide....

 

[Jacee]

CA Root certificate is not trusted

Is CA an antivirus program you want to install?

 

[nfhopmike]

No - it's for remote access from home to my terminal server at work using Microsoft SBS 2003. I can access the server on another machine using XP, which accepts the certificate, but Win7 won't let me log in.

 

[Little Darwin]

I am going to bump this thread because I have a similar issue.

The CA stands for Certificate Authority.

The problem stated, if it is the same as mine is that our companies uses their own Certificate Authorities for internal sites, and it is not in the built in set of trusted root certificates that is distributed with IE (or any other browser).

I have been searching my intranet to find a solution, but when I do, I am sure it will only apply to Windows XP and IE 6.

When I get an invalid certificate for a site, I tell the system to store it, but it doesn't seem to stick because the root is still untrusted...

Is there a way to say "Trust this Root Certificate" in IE 8, or is there something I must install independently?

Thanks!

 

[Victek]

Thanks Jacee - but I could really do with a step-by-step guide....

.
Perhaps this will help. This information can be found by opening Control Panel/Internet Options/Content/Certificates and then clicking the learn more about certificates link on that properties sheet. There's a lot more there so check it out


You should only import certificates obtained from trusted sources. Importing an unreliable certificate could compromise the security of any system component that uses the imported certificate.
You can import a certificate into any logical or physical store. In most cases, you will import certificates into the Personal store or the Trusted Root Certification Authorities store, depending on whether the certificate is intended for you or if it is a root certification authority (CA) certificate.
Users or local Administrators is the minimum group membership required to complete this procedure. Review the details in "Additional considerations" in this topic.

To import a certificate

1. Open the Certificates snap-in for a user, computer, or service.
2. In the console tree, click the logical store where you want to import the certificate.
3. On the Action menu, point to All Tasks, and then click Import to start the Certificate Import Wizard.
4. Type the file name containing the certificate to be imported. (You can also click Browse and navigate to the file.)
5. If it is a PKCS #12 file, do the following:
   
   • Type the password used to encrypt the private key.
   • (Optional) If you want to be able to use strong private key protection, select the Enable strong private key protection check box.
   • (Optional) If you want to back up or transport your keys at a later time, select the Mark key as exportable check box.
6. Do one of the following:
   
   • If the certificate should be automatically placed in a certificate store based on the type of certificate, click Automatically select the certificate store based on the type of certificate.
   • If you want to specify where the certificate is stored, select Place all certificates in the following store, click Browse, and choose the certificate store to use.

Additional considerations

• User certificates can be managed by the user or by an administrator. Certificates issued to a computer or service can only be managed by an administrator or user who has been given the appropriate permissions.
  
  
• To open the Certificates snap-in, see Add the Certificates Snap-in to an MMC.
  
  
• Enabling strong private key protection will ensure that you are prompted for a password every time the private key is used. This is useful if you want to make sure that the private key is not used without your knowledge.
• The file from which you import certificates will remain intact after you have completed importing the certificates. You can use Windows Explorer to delete the file if it is no longer needed.

 

[Little Darwin]

It looks like I need to get someone to provide me with a file to get the root certificate installed.

I'll see if I can get someone to help me by providing the file. Thanks!

 

[dennisl68]

What is "user who has been given the appropriate permissions".
I need to automate some certificate management and can't use the administrators group due to UAC restrictions (and no I'm not allowed to lower the UAC level).