PKI Tutorials - Herong's Tutorial Examples - Version 2.04, by Dr. Herong Yang
Importing CA Certificates into the Trusted Store
This section provides a tutorial example on how to import a root CA certificate into the 'Trusted Root Certificate Authorities' certificate store using 'Internet Options'.
To fix the certificate validation error shown in the previous tutorial, Amy needs to import "CAcert.org" certificate into the "Trusted Root Certificate Authorities" certificate store.
1. Click "Start > Control Panel > Internet Options". The "Internet Properties" dialog box shows up.
2. Click "Content" tab, then "Certificate" button. The "Certificates" dialog box shows up.
3. Click "Trusted Root Certificate Authorities" tab, then "Import" button. The "Certificates Import Wizard" shows up.
4. Follow the instruction to import "CAcert.org" certificate stored in CACertSigningAuthority.crt. If you lost this file, you can get it from CAcert.org Web site.
5. At the end, the wizard prompts a warning message:
You are about to install a certificate from a certificate authority (CA) claiming to represent: CA Cert Signing Authority Windows cannot validate that the certificate is actually from "CA Cert Signing Authority". You should confirm its origin by contacting "CA Cert Signing Authority". The following number will assist you in this process: Thumbprint (sha1): 125CEC36 ... Warning: If you install this root certificate, Windows will automatically trust any certificate issued by this CA. Installing a certificate with an unconfirmed thumbprint is a security risk. If you click "Yes" you acknowledge this risk. Do you want to install this certificate? [Yes] [No]
6. Click "Yes" and "CAcert.org" certificate is installed.
Windows is happy now. Amy's certificate can be validated up to a trusted root CA.
Last update: 2011.
Table of Contents