How To Trust a Root Certificate

Overview

As mentioned in the CA Overview for a CA to be trusted by an organization it has to be added to the trusted root store of all their devices. This guide will guide you on how to install it in the most common Root Stores.

Getting the Certificate from EZCA

  1. Go to https://portal.ezca.io/
  2. Navigate to Certificate Authorities. CA Menu
  3. Click the “View Details” button for the CA you want to download the certificate from. CA Menu
  4. Click the “Download Certificate” button for the location that you want to download the certificate from. CA Details

Installing Certificate Through Intune

Usually MDM solutions is the preferred way IT Admins install internal Root CAs as a trusted authority in all of the corporate devices. To do this in Microsoft Intune, follow this guide

Installing Certificate In Windows

Video Version

In Windows, Root CAs can be added in two different stores: The User store (Only for the current user), The Local Store (For all users, Require Administrator Permissions)

Installing In The User Store

  1. Search in the Windows search bar for “Manage user certificate”. Open User Store
  2. Click on the application.
  3. Select the “Trusted Root Certificate Authorities” folder. Windows Store
  4. Select the “Certificates” folder. Windows Store
  5. Right Click on any whitespace.
  6. Select All Tasks -> Import. Windows Store
  7. Click “Next” on the fist page of the wizard.
  8. Click the “Browse…” button Windows Store
  9. Select The Root certificate you are trying to import.
  10. Click “Next”
  11. Click “Next” Windows Store
  12. Click “Finish” Windows Store

Installing In The Local Store

  1. Search in the Windows search bar for “Manage computer certificate”. Open Local Store
  2. Click on the application.
  3. Select the “Trusted Root Certificate Authorities” folder. Windows Store
  4. Select the “Certificates” folder. Windows Store
  5. Right Click on any whitespace.
  6. Select All Tasks -> Import. Windows Store
  7. Click “Next” on the fist page of the wizard.
  8. Click the “Browse…” button Windows Store
  9. Select The Root Certificate you are trying to import.
  10. Click “Next”
  11. Click “Next” Windows Store
  12. Click “Finish” Windows Store

Installing Certificate In Mac

  1. Search and open “Keychain Access”. Mac Store
  2. On the left menu click on System. Mac Store
  3. On the top menu click File -> Import Items.
  4. Select the Certificate you want to import. Mac Store
  5. Enter your Admin Password
  6. This will add the certificate but it will not be trusted by the system. Mac Store
  7. double click the certificate in the certificate list.
  8. A window with the certificate details will be opened. Mac Store
  9. Expand the Trust menu. Mac Store
  10. Change the “When using this certificate:” to “Always trust” Mac Store
  11. Close the window with the certificate details.
  12. Enter your Admin Password
  13. Your Certificate is now trusted (You might have to reboot for all changes to take effect) Mac Store