Trust a Certificate

Trust a Certificate KB ID 0001893

Problem

There was a question on the Spiceworks forum this week and I suggested simply trusting the certificate to stop a certificate error, and got asked.

Could you please let me know how to import the downloaded certificate

I was surprised to find I’d not really covered this as a stand-alone subject so here we go.

Solution: Trust a Certificate

Firstly,  If you can go and spend a few minutes reading the following article Digital Certificates Explained especially the Golden Rules of Certificates section. Every IT Pro and Developer should have a basic grasp of certificates and how they work. It will take you less than 5-10 minutes to read that article and will save you struggling in future.

Now you’ve read that article above, you know to trust a certificate you must trust the CA that issued the certificate. With the askers problem it was getting the certificates from a VMware vCentre server, which is easy as peas, because it gives you the option to download them on the main screen like so;

Note: If you download the certs they come in a zip file, extract them out of that zip file, (or you won’t see “Open As” on your right click menu when you want to import the certificate(s)).

Now normally you will get four files, two are CRL (Certificate Revocation List) files we won’t be needing those but the two remaining files (the ones with the .crt extension) right click > Open With > Select Crypto Shell Extensions (Note: If you don’t do this the file may open in notepad, and just show you the certificate as a PEM file).

 

Import or Trust a Certificate

Install Certificate > Select “Local Machine” > Next > Select “Place all certificates in the following store” > Next.

Finish > OK.

You can now see I don’t have any certificate errors, (if yours still does, check the Golden Rules of Certificates (see above) , one of them still broken).

I can’t See a Root Certificate! (or Root CA Certificate) In some cases you may need to select the Certification Path tab select the CA certificates (there may be a few in the ‘chain’ look at each certificate and import them one by one, going up the chain all the way to the root certificate at the top.

Related Articles, References, Credits, or External Links

NA