Unrecognized self-signed SSL certs

Found this on stackoverflow after I had issues with an SSL (self-signed) certificate on a client machine – it still didn’t work even after installing the cert via the browser.  The fix, in addition to installing the actual certificate, was to add the Certificate Authority on the client machine.

On the web server:

  • Win+R, MMC, Enter.
  • File, Add-Remove snap-in, Certificates, Add, Manage certificates for: my user account, Finish, OK.
  • Navigate to "Certificates – current user / Trusted Root Certification Authorities / Certificates".
  • Find your certificate, right-click, All tasks / Export.
  • "No, don’t export the private key"
  • "DER Encoded binary X.509 (.CER)"
  • Save the file somewhere.
  • Transfer the newly created .CER file to the client PC.

On the client machine:

  • Win+R, MMC, Enter.
  • File, Add-Remove snap-in, Certificates, Add, Manage certificates for: my user account, Finish, OK.
  • Navigate to "Certificates – current user / Trusted Root Certification Authorities / Certificates".
  • Right-click on Certificates container, All tasks / Import
  • Choose your .CER file you’ve transferred from the server machine.
  • On the next screen, choose "Place all certificates in the following store", click "Browse", check "Show physical stores", then choose "Trusted Root Certification Authorities / Local Computer".
  • Press "Finish" finally.
  • In Internet Explorer: Tools – Delete browsing History,
  • In Internet Explorer: Tools – Internet options – "Content" tab – Clear SSL state button.

Leave a Reply

Your email address will not be published. Required fields are marked *