- Published on : 10 November 2014 at 14:56 UTC
When you create a root CA to generate certificates that will be used to secure IIS servers, to sign your programs, ... you have to import the certificate of your root certification authority in the list of "Trusted Root Certification Authorities" of your computers.
If your computers that are using secure website (https/ssl) or your signed programs, are members of your Active Directory, then you can distribute your root certificate to these computers by GPO by following this : Distribute the certificate to the Active Directory clients.
Otherwise, you must manually import the certificate of your certification authority using the MMC console that comes with Windows.
To begin, start the mmc program and go to "File -> Add / Remove Snap-in".
Select "Certificates" and click "Add >".
Select "A computer account" so that your certificates are considered valid for all users of this computer.
Select "Local computer ...".
To import your the certificate of the root authority, right click on "Trusted Root Certification Authorities" and click "All Tasks -> Import".
The Import Wizard appears.
Select your certificate in .cer format.
Note : If you don't know how to export the certificate of your root authority, follow this tutorial : Export the root authority certificate.
Windows will place, by default, the certificate in the certificate store : "Trusted Root Certification Authorities".
A summary is displayed. Click "Finish".
Now your root authority will be recognized as a trusted root authority, and certificates that you issue (will sign) through your CA will be considered as "emanating from a trusted certification authority".