?
Solved

self-signed CA certificate on roaming install (Windows 7)

Posted on 2014-01-15
4
Medium Priority
?
472 Views
Last Modified: 2014-01-15
Hi Experts,
Please correct me where I'm wrong.  I'm doing the following all on the same computer, running Windows 7.

I'm creating a self-signed cert and adding it to my trusted root authorities with MMC with certificate snap-in with this call:

This is how this CA cert is created:
makecert.exe -sr currentuser -ss ROOT -a sha1 -n "CN=MyCompany,O=MyCompany,OU=R&D" -sky signature -pe -r "MyCompanyCA.cer" -sv "MyCompanyCA.pvk"

Open in new window


Then I create a signed certificate with my self-signed CA cert (that should now be trusted on my machine) with this line:
makecert.exe -sr currentuser -ss MY -a sha1 -n "CN=localhost,O=MyCompany,OU=R&D" -sky exchange -pe -ir currentuser -iv "MyCompanyCA.pvk" -ic "MyCompanyCA.cer"

Open in new window


My application uses this (2nd) certificate to give me HTTPS in an embedded webserver from http://webserver.codeplex.com/ (the cert it uses is a pfx from the 2nd cert above.

Firefox gives me a warning telling me my certificate is not trusted (even though it's been signed with the self-signed CA cert that is sitting in my certificate store).  What gives?  I don't want to have to add the exception...

Many thanks,
Mike
0
Comment
Question by:thready
  • 2
  • 2
4 Comments
 
LVL 33

Accepted Solution

by:
Dave Howe earned 2000 total points
ID: 39782672
Firefox does not use windows for certificates.
instead, import into your firefox certificate store
Goto: Tools>>Options, Advanced, Encryption, hit the "certificates" button, and import there.
0
 
LVL 1

Author Comment

by:thready
ID: 39782705
Oh!  Is this the same for chrome?  (I think I had the same issue with chrome).  But not IE.  (or vice versa)...
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 39782753
Well, I thought chrome used the local windows keystore - certainly on my machine, when you select settings >> advanced >> https/ssl >> manage certificates,  you get the same plugin you get if you look in IE....
0
 
LVL 1

Author Closing Comment

by:thready
ID: 39782773
Probably just firefox - I have to try this again.  Many thanks!
0

Featured Post

The Lifecycle Approach to Managing Security Policy

Managing application connectivity and security policies can be achieved more effectively when following a framework that automates repeatable processes and ensures that the right activities are performed in the right order.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

The well known Cerber ransomware continues to spread this summer through spear phishing email campaigns targeting enterprises. Learn how it easily bypasses traditional defenses - and what you can do to protect your data.
In this article, I explain what Convergent Encryption is and how it can be used.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

589 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question