Installing a copy of the local CA certificate in a browser

 

When users access a server that provides a Secure Sockets Layer (SSL) connection, the server presents a certificate to the user's client software as proof of its identity. The client software must then validate the server's certificate before the server can establish the session. To validate the server certificate, the client software must have access to a locally stored copy of the certificate for the Certificate Authority (CA) that issued the server certificate. If the server presents a certificate from a public Internet CA, the user's browser or other client software must already have a copy of the CA certificate. If, as in this scenario, the server presents a certificate from a private local CA, each user must use Digital Certificate Manager (DCM) to install a copy of the local CA certificate.

Each user (Clients B, C, and D) must complete these steps to obtain a copy of a local CA certificate:

  1. Start DCM. Refer to Starting DCM.

  2. In the navigation frame, select Install local CA Certificate on Your PC to display a page that allows you to download the local CA certificate into your browser or to store it in a file on your system.

  3. Select the option to install the certificate. This option downloads the local CA certificate as a trusted root in your browser. This ensures that your browser can establish secure communications sessions with Web servers that use a certificate from this CA. Your browser will display a series of windows to help you complete the installation.

  4. Click OK to return to the Digital Certificate Manager home page.

Now that users can access the human resources Web server in SSL mode, these users must be able to present an appropriate certificate to authenticate to the server. Consequently, they must obtain a user certificate from the local CA.

 

Parent topic:

Scenario: Using certificates for internal authentication
Previous topic: Starting the human resources Web server in SSL mode