Solved

Importing Signing CA into Internet explorer or Google Chrome web browser

Posted on 2013-11-03
5
814 Views
Last Modified: 2016-02-25
Hello Experts,

I am setting up a Sophos/Astaro UTM firewall and have enabled HTTPS (SSL) scanning. It appears that I now need to make the firewall a trusted signing authority by downloading the  "Signing CA" from the Sophos firewall and then import it into the browser on each machine that will be involved.

I downloaded the signing Certificate from the firewall software and imported it into Internet explorer but HTTPS websites still post the "no certificate error".

** In Internet Explorer I went to Internet Options - Content Tab.
- In Certificates section of Content tab I clicked on Certificates tab
- Clicked Import
- Browsed to/selected file (http_proxy_signing_ca.p12) from my firewall download
- imported this file

When I go to an HTTPS site, I am still getting the certificate errors so it seems the import did not work...


Does anyone know what the exact process is for importing a signing CA into a web browser is?

Thanks!
0
Comment
Question by:Saxitalis
  • 3
  • 2
5 Comments
 
LVL 12

Expert Comment

by:David Paris Vicente
Comment Utility
Did you try to import the Certificate to the computer account?

Open and MMC console -> File -> Add and Remove Snap In-> Certificates-> Add -> Choose Computer Account -> Choose Local Computer -> Ok

Then check if the certificate is stored on a specific store, like personal, trust roots, etc.

Remove it a try to import them again through this MMC.

To import a certificate, right click the folder, all tasks and choose import.
Select the path to the certificate and next.
Choose the store, personal or trusted root or Automatic select the certificate based on the certificate, next and finish.

Then try to open again the browser a see if the problem still remains.

Let us know.

Regards.
0
 

Author Comment

by:Saxitalis
Comment Utility
Ok I tried this...

Did this:

Open and MMC console -> File -> Add and Remove Snap In-> Certificates-> Add -> Choose Computer Account -> Choose Local Computer -> Ok

The Certificate is stored on the Console Root. Is this what you mean?

I am a bit unclear on how to import my certificate (exported from my Sophos firewall).

"To import a certificate, right click the folder" What folder are you talking about here? The Console root folder? It does not give me a "browse to" option on the All Tasks context menu.

Still confused here...

Thanks!
0
 
LVL 12

Accepted Solution

by:
David Paris Vicente earned 500 total points
Comment Utility
Hi.
"The Certificate is stored on the Console Root. Is this what you mean?"
No the console Root is the top level of MMC.

On your MMC you have something like this, see picture 1Picture 1
Underneath Console Root you have Certificates (Local Computer)  

Example:
Certificates (Local Computer)
Personal
-> This are the local stores Or folders
Trusted Root Certification
Enterprise Trust
Etc
Etc

Now look for the previous instalations of the certificate, that you installed through IE or Google Chrome on the folders underneath of the certificates (local computer). See an example on picture2 Picture 2
If you see your certificate deleted if not lets import him. To Import a certificate right click on a store or folder, see an example on picture 3 Picture 3
Now a new window opens, browse to the location/path where you have your certificate and choose the certificate file.
Click next.
Now choose the option "Automatically select the certificate store......."
Next again and then finish.

Now search for the certificate on the lcoal stores/folders and double click it, the certificate will open, see picture 4 Picture 4

If the certificate looks similar like this one, you are ready to go, if the certificate presents a Red Cross, probably the certificate has to bee imported also to the local store with the following name "Trusted Root Certification Authorities".

If the certificate present the error put the error here.

Let us know.

Regards
0
 

Author Closing Comment

by:Saxitalis
Comment Utility
Thank you sir - this worked great!
0
 
LVL 12

Expert Comment

by:David Paris Vicente
Comment Utility
I´m glad to help.

Regards
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Introduction If you're like most people, you have occasionally made a typographical error when you're entering information into an online form.  And to your consternation, the browser remembers the error, and offers to autocomplete your future entr…
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
Shows how to create a shortcut to site-search Experts Exchange using Google in the Chrome browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch the Search Engine Menu: In chrome, via you…
How to create a custom search shortcut to site-search Experts Exchange using Google in the Firefox browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch your Bookmark Menu: Press 'Ctrl +…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now