Previous Topic Next topic Print topic


Installing a CA Root Certificate in a Client Browser

The root certificates of well-known trusted CAs are often installed with the client browser, so you might not need to install any. The security policy in your organization might restrict your access to the Web and might have removed the trusted CA root certificates. In this case you need to install root certificates for the CAs that signed the server certificates of the servers you need to communicate with securely.

Note: The root certificate for the demonstration CA is not pre-installed, and so you need to install this certificate to enable you to use the demonstration CA.

CA root certificates can be specified as any of the following:

To install a CA root certificate:

  1. In your browser, go to the options where you manage certificates. For example:
    • In Internet Explorer, click Tools > Internet Options > Content > Certificates. Go to the Trusted Root Certification Authorities tab.
    • In Mozilla Firefox, click Tools > Options > Advanced. Scroll down, click Manage Certificates and then click Authorities.
  2. Click Import and select the CA's root certificate.

    For the demonstration, select the self-signed certificate CARootCert.cer, which is in the private subdirectory of %ProgramFiles(x86)%\Micro Focus\DemoCA by default.

    Internet Explorer requires certificates in DER format, so only those are listed in the File Open field, and not the PEM format files. Mozilla Firefox can handle several types, so several are listed and you can install the PEM-format certificate.

  3. In Internet Explorer, use the Browse button to enter Trusted Root Certification Authorities in the Certificate Store field.

    In Mozilla Firefox, check Trust this CA to identify Web sites.

  4. Look down the list under Trusted Root Certification Authorities (for Internet Explorer) and Authorities (for Firefox). You'll see your Demo CA is now listed; look for its Common Name. If when you installed Micro Focus Security Pack you chose to use your computer DNS name as the DemoCA's Common Name, it will probably look an odd-one-out, because real CAs tend to give themselves user-friendly Common Names.
Previous Topic Next topic Print topic