Solved

self-signed CA certificate on roaming install (Windows 7)

Posted on 2014-01-15
4
458 Views
Last Modified: 2014-01-15
Hi Experts,
Please correct me where I'm wrong.  I'm doing the following all on the same computer, running Windows 7.

I'm creating a self-signed cert and adding it to my trusted root authorities with MMC with certificate snap-in with this call:

This is how this CA cert is created:
makecert.exe -sr currentuser -ss ROOT -a sha1 -n "CN=MyCompany,O=MyCompany,OU=R&D" -sky signature -pe -r "MyCompanyCA.cer" -sv "MyCompanyCA.pvk"

Open in new window


Then I create a signed certificate with my self-signed CA cert (that should now be trusted on my machine) with this line:
makecert.exe -sr currentuser -ss MY -a sha1 -n "CN=localhost,O=MyCompany,OU=R&D" -sky exchange -pe -ir currentuser -iv "MyCompanyCA.pvk" -ic "MyCompanyCA.cer"

Open in new window


My application uses this (2nd) certificate to give me HTTPS in an embedded webserver from http://webserver.codeplex.com/ (the cert it uses is a pfx from the 2nd cert above.

Firefox gives me a warning telling me my certificate is not trusted (even though it's been signed with the self-signed CA cert that is sitting in my certificate store).  What gives?  I don't want to have to add the exception...

Many thanks,
Mike
0
Comment
Question by:thready
  • 2
  • 2
4 Comments
 
LVL 33

Accepted Solution

by:
Dave Howe earned 500 total points
ID: 39782672
Firefox does not use windows for certificates.
instead, import into your firefox certificate store
Goto: Tools>>Options, Advanced, Encryption, hit the "certificates" button, and import there.
0
 
LVL 1

Author Comment

by:thready
ID: 39782705
Oh!  Is this the same for chrome?  (I think I had the same issue with chrome).  But not IE.  (or vice versa)...
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 39782753
Well, I thought chrome used the local windows keystore - certainly on my machine, when you select settings >> advanced >> https/ssl >> manage certificates,  you get the same plugin you get if you look in IE....
0
 
LVL 1

Author Closing Comment

by:thready
ID: 39782773
Probably just firefox - I have to try this again.  Many thanks!
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

By default, Carbonite Server Backup manages your encryption key for you using Advanced Encryption Standard (AES) 128-bit encryption. If you choose to manage your private encryption key, your backups will be encrypted using AES 256-bit encryption.
When the confidentiality and security of your data is a must, trust the highly encrypted cloud fax portfolio used by 12 million businesses worldwide, including nearly half of the Fortune 500.
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now