Making Certificates Trusted

Certificates signed by a generally trusted certification authority will be automatically trusted everywhere.

Certificates that need to be made trusted:

Self-signed certificates

Certificates signed using some custom certification authority. The custom certification authority also has to be made trusted.

Most browsers can work with untrusted certificates while they display a warning. You can avoid the warning by adding a certificate exception; however, this is not recommended.

Adding certificates to the System Store

What does it work for?

Components connecting to the Authentication Server

Some browsers, for example, Internet Explorer, Microsoft Edge, Google Chrome

What does it not work for?

Firefox

Accessing the customer API through solutions that do not use the system store to check for certificates

Where to import within System Store?

Current User / Local machine

oCurrent User - Only works for the current user (for example, access from a browser)

oLocal machine - Works everywhere (for example, ESA components running as Local System)

Trusted People / Trusted Root Certification Authorities

oUse Trusted Root Certification Authorities if it is a certification authority certificate

How to import?

Use the certificate file:

1.Double-click the certificate file (for example, .crt).

2.Select Install Certificate, and follow the installation wizard instructions.

Use the MMC console:

1.Press windows_key + R, type mmc.EXE, and press Enter.

2.Click File > Add/Remove Snap-in > Certificates > Add.

3.Select Computer account, click Next.

4.Select Local computer, click Finish, then click OK.

5.In the left navigation pain expand one of these:

a)Certificates > Trusted people to import a self-signed certificate

b)Certificates > Trusted Root Certification Authorities

6.Right-click Certificates, select All Tasks > Import.

7.Follow the instructions of Certificate Import Wizard.

When installing an ESA component on a computer in Standalone mode, the invitation adds the certificate information received from the Authentication Server to the Trusted People store.