Adding a Trusted CA Certificate to the Computer’s Certificate Store on
Windows XP Professional
When a client connects to a Web server, and that server
accepts client certificates, it challenges the client to present a certificate
issued by list of trusted CAs. When using IIS the list of trusted CAs is obtained from the computer’s certificate store (not
the IIS Certificate Trust List (CTL) as one might expect).
- Select windows ‘start’ and then ‘Run…’.
- When the ‘Run’ dialog opens type ‘mmc /a’ to open the Microsoft Management Console
(MMC) and click ‘OK’.
- When the MMC opens select ‘File’ and then ‘Add/Remove Snap-in…’.
- When the ‘Add/Remove Snap-in’ tab pane opens select ‘Standalone’ and then click ‘Add…’.
- When the ‘Add Standalone Snap-in’ dialog box
opens select ‘Certificates’ and
then click ‘Add’.
- When the ‘Certificate snap-in’ pane opens select ‘Computer account’ and then click ‘Next >’.
- When the ‘Select Computer’ pane opens select ‘Local computer: (the computer this console is running on)’
and then click ‘Finish’.
- Close the ‘Add Standalone Snap-in’ dialog
box. Notice the new ‘Certificates (Local Computer)’
entry in the ‘Add/Remove Snap-in’
tab pane and click ‘OK’ for the
changes to take affect.
- The MMC will now have a ‘Certificates (Local Computer)’
entry under the ‘Console Root’. Open the tree ‘Console Root->Certificates (Local Computer)->Trusted
Right click on the ‘Certificates’
node and select ‘All
- When the ‘Certificate Import Wizard’ opens click ‘Next >’.
- When the ‘File to Import’
pane opens enter the file name (including the full path) of the
certificate or select ‘Browse…’.
- Browse to the desired
certificate file and then click ‘Open’.
- Once the file name is entered
click ‘Next >’.
- The ‘Certificate Store’ pane will open. Ensure ‘Place all certificates in the following store’ is selected
and the ‘Trusted Root Certification Authorities’
is listed as the ‘Certificate Store:’. Click ‘Next >’ once confirmed.
- The ‘Completing the Certificate Import Wizard’ pane will
open. Click ‘Finish’.
- When the ‘Certificate Import Wizard’ status dialog appears click ‘OK’.
- You can confirm the
certificate has been imported by looking in the certificates list.
- Repeat steps 9-17 for each CA
certificate you wish to import and then close the MMC. You do not need to save the changes to
the console for the certificates to take effect (it is simply saving the
Web Page Access Control Using PKI
PKI Lab Home
Dartmouth College PKI Lab
Last update: 26 February 2003