Making Certificates Trusted
Certificates signed by a generally trusted certification authority will be automatically trusted everywhere.
Certificates that need to be made trusted:
•Self-signed certificates
•Certificates signed using some custom certification authority. The custom certification authority also has to be made trusted.
Most browsers can work with untrusted certificates while they display a warning. You can avoid the warning by adding a certificate exception; however, this is not recommended.
Adding certificates to the System Store
What does it work for?
•Components connecting to the Authentication Server
•Some browsers, for example, Internet Explorer, Microsoft Edge, Google Chrome
What does it not work for?
•Firefox
•Accessing the customer API through solutions that do not use the system store to check for certificates
Where to import within System Store?
•Current User / Local machine
oCurrent User - Only works for the current user (for example, access from a browser)
oLocal machine - Works everywhere (for example, ESA components running as Local System)
•Trusted People / Trusted Root Certification Authorities
oUse Trusted Root Certification Authorities if it is a certification authority certificate
How to import?
Use the certificate file:
1.Double-click the certificate file (for example, .crt).
2.Select Install Certificate, and follow the installation wizard instructions.
Use the MMC console:
1.Press + R, type mmc.EXE, and press Enter.
2.Click File > Add/Remove Snap-in > Certificates > Add.
3.Select Computer account, click Next.
4.Select Local computer, click Finish, then click OK.
5.In the left navigation pain expand one of these:
a)Certificates > Trusted people to import a self-signed certificate
b)Certificates > Trusted Root Certification Authorities
6.Right-click Certificates, select All Tasks > Import.
7.Follow the instructions of Certificate Import Wizard.
When installing an ESA component on a computer in Standalone mode, the invitation adds the certificate information received from the Authentication Server to the Trusted People store.