Importing the CA's Root Certificate

Browsers typically come with certificates for well-known CAs already installed, and you rarely need to install them. If you need a CA's root certificate, you can usually download it from the CA's Web site.

The demonstration CA's certificate is not pre-installed in your browser, so you need to install it. It is supplied in the private directory of the DemoCA directory. The instructions for installing this certificate differ for different browsers but are roughly as follows:

  1. Open the Windows Internet Options - for example, run inetcpl.cpl from a command prompt.
  2. Navigate to your browser's settings, and access the certificates or certificates settings. See your browser's help for details.
  3. If your browser has a Trusted Root Certification Authorities section, navigate to this.
  4. Click Import.
  5. Use the wizard to install the CA's self-signed certificate, which is in the private folder of your DemoCA directory. Specify the file CARootCert.cer. Internet Explorer requires X509 certificates, in DER format, so only those are listed, and not the PEM format files. Other browsers can handle several types, and so they may also be listed.
  6. Look down the list under Trusted Root Certification Authorities. You will see that your Demo CA is now listed; look for its Common Name. If when you installed Micro Focus Demo CA, you chose to use your computer DNS name as the DemoCA's Common Name, it will appear different to the rest, because real CAs tend to give themselves user-friendly Common Names.