Installing a root certificate

Archived content. No warranty is made as to technical accuracy. Content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

For a client computer to trust the server certificates that you have installed from a local CA, you must install the root certificate from the CA on the client computer. Follow this procedure on any client computer that requires the root certificate. Note that you can also transfer the root certificate on a medium such as a disk, and then install it on the client computer.

Install a root certificate

  1. Open Internet Explorer.

  2. On the Tools menu, click Internet Options .

  3. On the Security tab, click Custom Level to open the Security Setting s dialog box.

  4. Under Reset custom settings , in the Reset to box, select Medium , and then click OK to close the Security Settings dialog box.

  5. Click OK to close the Internet Options dialog box.

    Note: Certificates cannot be installed when the security setting is set to High .

  6. Browse to: https:// IP_Address_Of_Certification_Authority_Server/ certsrv.

  7. Click Download a CA Certificate, Certificate Chain, or CRL .

  8. On the next page, click Download CA Certificate .

    This is the trusted root certificate that must be installed on the ISA Server computer.

  9. In the File Download dialog box, click Open .

  10. On the Certificate dialog box, click Install Certificate to start the Certificate Import Wizard.

  11. On the Welcome page, click Next .

  12. On the Certificate Store page, select Place all certificates in the following store and click Browse .

  13. In the Select Certificate Store dialog box, select Show Physical Stores .

  14. Double-click Trusted Root Certification Authorities , select Local Computer , and then click OK .

  15. On the Certificate Store page, click Next .

  16. On the summary page, review the details and click Finish .

Verify that the server certificate was properly installed

  1. Open MMC, and go to the Certificates snap-in.

  2. Open Certificates (local computer), double-click the Trusted Root Certification Authorities node, click Certificates , and then verify that the root certificate is in place.

Note: You can also install certificates on a computer from the MMC Certificates (Local Computer) snap-in. This provides access only to CAs in the same domain.