Appendix A: Install a Root CA Certificate

  • Article

To install a root CA certificate, do the following:

  1. Open Internet Explorer, click the Tools menu, and then click Internet Options.
  2. On the Security tab, click Custom Level to open the Security Settings dialog box.
  3. Under Reset custom settings, in the Reset to box, select Medium, and then click OK to close the Security Settings dialog box. Certificates cannot be installed when the security setting is set to High.
  4. Click OK to close the Internet Options dialog box.
  5. Browse to: https://IP_Address_Of_Certification_Authority_Server/certsrv.
  6. Click Download a CA Certificate, Certificate Chain, or CRL.
  7. On the next page, click Download CA Certificate. This is the trusted root certificate that must be installed on the ISA Server computer.
  8. In the File Download dialog box, click Open.
  9. In the Certificate dialog box, click Install Certificate to start the Certificate Import Wizard.
  10. On the Welcome page, click Next.
  11. On the Certificate Store page, select Place all certificates in the following store and click Browse.
  12. In the Select Certificate Store dialog box, select Show Physical Stores.
  13. Double-click Trusted Root Certification Authorities, select Local Computer, and then click OK.
  14. On the Certificate Store page, click Next.
  15. On the summary page, review the details and click Finish.

Verify that the server certificate was properly installed, as follows:

  1. Open Microsoft Management Console (MMC), and go to the Certificates snap-in.
  2. Open Certificates (local computer), double-click the Trusted Root Certification Authorities node, click Certificates, and then verify that the root certificate is in place.