Super User
Super User

Questions tagged [trusted-root-certificates]

Trusted root certificates are used by a computer or device for secure communications and file/program authentication.

For a program or operating system to be able to cryptographically "trust" a file or remote server it does not know the origin of or have control over, a certificate is issued by a certificate authority. The certificate is itself issued a certificate. The certificates which are not certified are called "root" certificates because there is nothing above them, similar to the root directory of a drive or website. These are in most cases trusted by default by operating systems and web browsers and called "trusted root certificates". Many countries and businesses issue these for their citizens and employees to use in secure communications. Companies like Verisign, Thawte and others maintain trusted root certificates that are then used to trust certificates that are sold to private websites, who use them for HTTPS communicate with web browsers.

Questions that have to do with defective or malfunctioning certificates and certificate errors should have this tag.

Microsoft has a good page on the subject: http://technet.microsoft.com/en-us/library/cc700843.aspx

97 questions
308
votes
8 answers

How do you add a certificate authority (CA) to Ubuntu?

My work has decided to issue their own certificate authority (CA) to handle different aspects of our work securely without paying for certificates. Cryptographically sign emails Encrypt email contents Make access to things like the company IRC…
Xeoncross
  • 4,842
69
votes
12 answers

Why won't OS X trust GitHub's SSL certificate?

When I go to any github.com page in Chrome, I get a big ugly error: You attempted to reach github.com, but the server presented a certificate issued by an entity that is not trusted by your computer's operating system. This may mean that the server…
Trevor Dixon
  • 916
40
votes
3 answers

View / install certificates for local machine store on Windows 7

On Windows 7 (Windows 7 Professional x64), how can I view and install certificates in the local machine store? The certmgr.msc plugin allows me to view certificates installed in the current user store, but not the local machine store. I am…
richzilla
  • 2,463
30
votes
1 answer

Where are digital certificates physically stored on a Mac OS X machine?

Can someone tell me and maybe link to literature which describes it, where are the digital certificates storage location on Mac OS X? I know I could access the certificates with the “Keychain” application. But where are the certificates stored on…
Opa114
  • 461
17
votes
3 answers

How to make Chrome trust Windows system root CA certificate?

Our corporate machine administrators distribute corporate root CA certificates via Active Directory, but Chrome does not trust system certificates by default. Is there any way to tweak Chrome to trust those certificates, instead of manually add them…
Franklin Yu
  • 806
13
votes
3 answers

Adding Self-Signed Certificate to Trusted Root Certificate Store using Command Line

Is there a way to add a certificate to the Local Computer's Trusted Root Certification Authority using command line? I tried using certmgr.exe, it shows success, but when I check root CA, i don't see my certificate there. I followed the guide here:…
Johnydep
  • 1,155
10
votes
3 answers

Deploy root certificate to Firefox on Mac OS X

I want to know how to deploy a root certificates for the Firefox on Mac OS X. I've found some solutions to do it on Windows and it works like a charm. Now I want to do the same on Mac OS X. we have many clients with this OS and it would be…
Michael Walter
  • 271
10
votes
1 answer

DST Root CA X3 expiration on Windows7. Which update I need to install? Are there workarounds?

I'm on Windows 7 SP1 and today, September 30, I faced with the expiration of DST Root CA X3 certificate. The problem (which will probably affect millions of users) is perfectly described here:…
user90726
  • 883
10
votes
3 answers

Can't make Chrome to trust my certificate

I am serving web pages inside LAN with my own certificate, signed by my own CA. Chrome warns connection is not trusted with the following details: I am trying to add inthemoon-ca to Trusted Root Certification Authorities by various ways and the…
Dims
  • 13,414
9
votes
5 answers

How to import a root certificate into a Synology server?

I am looking for a way to import a root certificate in a Synology server (the certificate comes from a ssl intercepting proxy). I have copied the certificate to /usr/share/ca-certificates/ And changed the permissions to 744 and owner…
Christian
  • 501
8
votes
2 answers

Where to get certificates for Acrobat PDF

When sending an invoice in PDF format, it is useful (in some countries obligatory) to sign this PDF digitally. Of course, I could create a self-signed certificate via OpenSSL, but a warning "could not verify certificate" in the PDF rather reduces…
BurninLeo
  • 243
8
votes
6 answers

Can't validate signature on PDF

I can't validate a signature on a PDF. Some important information about the PDF certificate: Validity Start : 2011/12/21 Validity End : 2012/12/20 Signature Date : 2012/12/23 The error is The selected certificate path has errors: Not time valid I…
Shumon Saha
  • 758
6
votes
2 answers

Checking suspicious (root CA) certificates

I was just looking at my certificate store and saw a bunch of root CAs that look kind of suspicious; specifically numerous ones that: have ALL CAPS text use foreign languages/text have extremely long expiration dates include every certificate…
Synetech
  • 69,547
5
votes
2 answers

Why is the local certificate store missing in Windows 8.1?

I am trying to import a self-signed certificate into the local certificate store of the Trusted Root CAs on my Windows 8.1 machine, but that store is missing. Importing it into the Trusted Root CAs store doesn't work (i.e. browsers keep telling me…
user1301428
  • 3,435
  • 13
  • 40
  • 57
5
votes
1 answer

Incorrect Authority Key Identifier on openssl end cert

I'm getting interesting results when signing an end-server certificate using an intermediate CA using openssl. I have a Root CA which looks like this: Serial Number: 14296918985177649921 (0xc668dc11960d5301) Issuer: C=US, ST=xROOTx, L=xROOTx,…
Huckle
  • 628
  • 1
  • 8
  • 24
1
2 3 4 5 6 7