Obtaining a root certificate is one of the most important steps for servers or clients that will use certificates that you issue. While this step is not necessary on the server where you installed Certificate Services, it is absolutely essential on your other servers or clients because it allows those computers to trust you as a Certificate Authority. Without that trust in place, you will either receive error messages or SSL simply won't work.
This process is broken into two steps:
- Browse to your certificate server's address, (e.g. http://<server-name>/certsrv/), and choose to retrieve the CA certificate:
- Click the link to download the CA certificate:
- Choose to save the certificate file to disk:
- Save the file to your desktop:
Before using any certificates that you issue on a computer, you need to install the Root Certificate. (This includes web servers and clients.)
- Double-click the file on your desktop:
- Click the "Install Certificate" button:
- Click "Next" to start the Certificate Import Wizard:
- Choose to automatically choose the store:
- Click the "Finish" button:
- Click "Yes" when asked if you want to add the certificate:
NOTE: This step is very important. If you do not see this dialog, something went wrong.
- Click "OK" when informed that the import was successful.