Solved

self-signed CA certificate on roaming install (Windows 7)

Posted on 2014-01-15
4
459 Views
Last Modified: 2014-01-15
Hi Experts,
Please correct me where I'm wrong.  I'm doing the following all on the same computer, running Windows 7.

I'm creating a self-signed cert and adding it to my trusted root authorities with MMC with certificate snap-in with this call:

This is how this CA cert is created:
makecert.exe -sr currentuser -ss ROOT -a sha1 -n "CN=MyCompany,O=MyCompany,OU=R&D" -sky signature -pe -r "MyCompanyCA.cer" -sv "MyCompanyCA.pvk"

Open in new window


Then I create a signed certificate with my self-signed CA cert (that should now be trusted on my machine) with this line:
makecert.exe -sr currentuser -ss MY -a sha1 -n "CN=localhost,O=MyCompany,OU=R&D" -sky exchange -pe -ir currentuser -iv "MyCompanyCA.pvk" -ic "MyCompanyCA.cer"

Open in new window


My application uses this (2nd) certificate to give me HTTPS in an embedded webserver from http://webserver.codeplex.com/ (the cert it uses is a pfx from the 2nd cert above.

Firefox gives me a warning telling me my certificate is not trusted (even though it's been signed with the self-signed CA cert that is sitting in my certificate store).  What gives?  I don't want to have to add the exception...

Many thanks,
Mike
0
Comment
Question by:thready
  • 2
  • 2
4 Comments
 
LVL 33

Accepted Solution

by:
Dave Howe earned 500 total points
ID: 39782672
Firefox does not use windows for certificates.
instead, import into your firefox certificate store
Goto: Tools>>Options, Advanced, Encryption, hit the "certificates" button, and import there.
0
 
LVL 1

Author Comment

by:thready
ID: 39782705
Oh!  Is this the same for chrome?  (I think I had the same issue with chrome).  But not IE.  (or vice versa)...
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 39782753
Well, I thought chrome used the local windows keystore - certainly on my machine, when you select settings >> advanced >> https/ssl >> manage certificates,  you get the same plugin you get if you look in IE....
0
 
LVL 1

Author Closing Comment

by:thready
ID: 39782773
Probably just firefox - I have to try this again.  Many thanks!
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Transferring data across the virtual world became simpler but protecting it is becoming a real security challenge.  How to approach cyber security  in today's business world!
Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
A simple description of email encryption using a secure portal service. This is one of the choices offered by The Email Laundry for email encryption. The other choices are pdf encryption which creates an encrypted pdf of your email and any attachmen…

896 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now