Solved

Importing Signing CA into Internet explorer or Google Chrome web browser

Posted on 2013-11-03
5
830 Views
Last Modified: 2016-02-25
Hello Experts,

I am setting up a Sophos/Astaro UTM firewall and have enabled HTTPS (SSL) scanning. It appears that I now need to make the firewall a trusted signing authority by downloading the  "Signing CA" from the Sophos firewall and then import it into the browser on each machine that will be involved.

I downloaded the signing Certificate from the firewall software and imported it into Internet explorer but HTTPS websites still post the "no certificate error".

** In Internet Explorer I went to Internet Options - Content Tab.
- In Certificates section of Content tab I clicked on Certificates tab
- Clicked Import
- Browsed to/selected file (http_proxy_signing_ca.p12) from my firewall download
- imported this file

When I go to an HTTPS site, I am still getting the certificate errors so it seems the import did not work...


Does anyone know what the exact process is for importing a signing CA into a web browser is?

Thanks!
0
Comment
Question by:Saxitalis
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 12

Expert Comment

by:David Paris Vicente
ID: 39620481
Did you try to import the Certificate to the computer account?

Open and MMC console -> File -> Add and Remove Snap In-> Certificates-> Add -> Choose Computer Account -> Choose Local Computer -> Ok

Then check if the certificate is stored on a specific store, like personal, trust roots, etc.

Remove it a try to import them again through this MMC.

To import a certificate, right click the folder, all tasks and choose import.
Select the path to the certificate and next.
Choose the store, personal or trusted root or Automatic select the certificate based on the certificate, next and finish.

Then try to open again the browser a see if the problem still remains.

Let us know.

Regards.
0
 

Author Comment

by:Saxitalis
ID: 39623132
Ok I tried this...

Did this:

Open and MMC console -> File -> Add and Remove Snap In-> Certificates-> Add -> Choose Computer Account -> Choose Local Computer -> Ok

The Certificate is stored on the Console Root. Is this what you mean?

I am a bit unclear on how to import my certificate (exported from my Sophos firewall).

"To import a certificate, right click the folder" What folder are you talking about here? The Console root folder? It does not give me a "browse to" option on the All Tasks context menu.

Still confused here...

Thanks!
0
 
LVL 12

Accepted Solution

by:
David Paris Vicente earned 500 total points
ID: 39624014
Hi.
"The Certificate is stored on the Console Root. Is this what you mean?"
No the console Root is the top level of MMC.

On your MMC you have something like this, see picture 1Picture 1
Underneath Console Root you have Certificates (Local Computer)  

Example:
Certificates (Local Computer)
Personal
-> This are the local stores Or folders
Trusted Root Certification
Enterprise Trust
Etc
Etc

Now look for the previous instalations of the certificate, that you installed through IE or Google Chrome on the folders underneath of the certificates (local computer). See an example on picture2 Picture 2
If you see your certificate deleted if not lets import him. To Import a certificate right click on a store or folder, see an example on picture 3 Picture 3
Now a new window opens, browse to the location/path where you have your certificate and choose the certificate file.
Click next.
Now choose the option "Automatically select the certificate store......."
Next again and then finish.

Now search for the certificate on the lcoal stores/folders and double click it, the certificate will open, see picture 4 Picture 4

If the certificate looks similar like this one, you are ready to go, if the certificate presents a Red Cross, probably the certificate has to bee imported also to the local store with the following name "Trusted Root Certification Authorities".

If the certificate present the error put the error here.

Let us know.

Regards
0
 

Author Closing Comment

by:Saxitalis
ID: 39625355
Thank you sir - this worked great!
0
 
LVL 12

Expert Comment

by:David Paris Vicente
ID: 39625715
I´m glad to help.

Regards
0

Featured Post

Enroll in June's Course of the Month

June’s Course of the Month is now available! Experts Exchange’s Premium Members, Team Accounts, and Qualified Experts have access to a complimentary course each month as part of their membership—an extra way to sharpen your skills and increase training.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Cybersecurity has become the buzzword of recent years and years to come. The inventions of cloud infrastructure and the Internet of Things has made us question our online safety. Let us explore how cloud- enabled cybersecurity can help us with our b…
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
Google currently has a new report that is in beta and coming soon to Webmaster Tool accounts. This Micro Tutorial will highlight new features for Google Webmaster Tools.
Shows how to create a shortcut to site-search Experts Exchange using Google in the Chrome browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch the Search Engine Menu: In chrome, via you…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question