Caută ajutor

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Află mai multe

Acest fir de discuție a fost arhivat. Adresează o întrebare nouă dacă ai nevoie de ajutor.

Problem importing a root certificate authority from IE environment

  • 1 răspuns
  • 35 au această problemă
  • 1 vizualizare
  • Ultimul răspuns de trs1980

more options

I created a self-signed trusted root authority certificate using Microsoft's makecert utility - this is for a test environment... I imported it into the IE environment using Microsoft's MMC utility and it works fine. Using IE I can browse to our test server using https with no problem.

When I export that certificate out of the IE environment (using MMC) in a base64 format (DER also) and try to import it into Firefox I get an error, "This is not a certificate authority certificate, so it can't be imported into the certificate authority list." How can I get firefox to trust a test CA certificate?

I created a self-signed trusted root authority certificate using Microsoft's makecert utility - this is for a test environment... I imported it into the IE environment using Microsoft's MMC utility and it works fine. Using IE I can browse to our test server using https with no problem. When I export that certificate out of the IE environment (using MMC) in a base64 format (DER also) and try to import it into Firefox I get an error, "This is not a certificate authority certificate, so it can't be imported into the certificate authority list." How can I get firefox to trust a test CA certificate?

Toate răspunsurile (1)

more options

One potential cause of this problem - Firefox will not import self-signed root CA certificates that are missing the value "Subject Type=CA" in the Basic Constraints field (visible on the Details tab when you view the certificate in Windows.) Contact the person who supplied you with the test self-signed root authority certificate and tell them that they need to add that constraint to either the certificate request or the command line when making the self-signed root CA certificate. The switch on makecert is -cy authority. I found the following helpful: http://stackoverflow.com/questions/496658/using-makecert-for-development-ssl