• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 894
  • Last Modified:

Importing Signing CA into Internet explorer or Google Chrome web browser

Hello Experts,

I am setting up a Sophos/Astaro UTM firewall and have enabled HTTPS (SSL) scanning. It appears that I now need to make the firewall a trusted signing authority by downloading the  "Signing CA" from the Sophos firewall and then import it into the browser on each machine that will be involved.

I downloaded the signing Certificate from the firewall software and imported it into Internet explorer but HTTPS websites still post the "no certificate error".

** In Internet Explorer I went to Internet Options - Content Tab.
- In Certificates section of Content tab I clicked on Certificates tab
- Clicked Import
- Browsed to/selected file (http_proxy_signing_ca.p12) from my firewall download
- imported this file

When I go to an HTTPS site, I am still getting the certificate errors so it seems the import did not work...


Does anyone know what the exact process is for importing a signing CA into a web browser is?

Thanks!
0
Saxitalis
Asked:
Saxitalis
  • 3
  • 2
1 Solution
 
David Paris VicenteSystems and Comunications  Administrator Commented:
Did you try to import the Certificate to the computer account?

Open and MMC console -> File -> Add and Remove Snap In-> Certificates-> Add -> Choose Computer Account -> Choose Local Computer -> Ok

Then check if the certificate is stored on a specific store, like personal, trust roots, etc.

Remove it a try to import them again through this MMC.

To import a certificate, right click the folder, all tasks and choose import.
Select the path to the certificate and next.
Choose the store, personal or trusted root or Automatic select the certificate based on the certificate, next and finish.

Then try to open again the browser a see if the problem still remains.

Let us know.

Regards.
0
 
SaxitalisAuthor Commented:
Ok I tried this...

Did this:

Open and MMC console -> File -> Add and Remove Snap In-> Certificates-> Add -> Choose Computer Account -> Choose Local Computer -> Ok

The Certificate is stored on the Console Root. Is this what you mean?

I am a bit unclear on how to import my certificate (exported from my Sophos firewall).

"To import a certificate, right click the folder" What folder are you talking about here? The Console root folder? It does not give me a "browse to" option on the All Tasks context menu.

Still confused here...

Thanks!
0
 
David Paris VicenteSystems and Comunications  Administrator Commented:
Hi.
"The Certificate is stored on the Console Root. Is this what you mean?"
No the console Root is the top level of MMC.

On your MMC you have something like this, see picture 1Picture 1
Underneath Console Root you have Certificates (Local Computer)  

Example:
Certificates (Local Computer)
Personal
-> This are the local stores Or folders
Trusted Root Certification
Enterprise Trust
Etc
Etc

Now look for the previous instalations of the certificate, that you installed through IE or Google Chrome on the folders underneath of the certificates (local computer). See an example on picture2 Picture 2
If you see your certificate deleted if not lets import him. To Import a certificate right click on a store or folder, see an example on picture 3 Picture 3
Now a new window opens, browse to the location/path where you have your certificate and choose the certificate file.
Click next.
Now choose the option "Automatically select the certificate store......."
Next again and then finish.

Now search for the certificate on the lcoal stores/folders and double click it, the certificate will open, see picture 4 Picture 4

If the certificate looks similar like this one, you are ready to go, if the certificate presents a Red Cross, probably the certificate has to bee imported also to the local store with the following name "Trusted Root Certification Authorities".

If the certificate present the error put the error here.

Let us know.

Regards
0
 
SaxitalisAuthor Commented:
Thank you sir - this worked great!
0
 
David Paris VicenteSystems and Comunications  Administrator Commented:
I´m glad to help.

Regards
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get Certified for a Job in Cybersecurity

Want an exciting career in an emerging field? Earn your MS in Cybersecurity and get certified in ethical hacking or computer forensic investigation. WGU’s MSCSIA degree program was designed to meet the most recent U.S. Department of Homeland Security (DHS) and NSA guidelines.  

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now