Beginner

How to import a certificate used for DPI non-domain machine

What is the procedure to use to import a certificate to be trusted for DPI for a Windows 10 machine that is not on the domain? I tried exporting the root-ca from our CA as x509 format and imported that to local computer trusted root authorities, but that didn't work. I get NET::ERR_CERT_AUTHORITY_INVALID in Chrome when testing. My policy is working for a domain connected PC on my FTD appliances. They all share the same SSL/ACP policy.

5 REPLIES 5
RJI Advisor
Advisor

Re: How to import a certificate used for DPI non-domain machine

Hi,
Chrome doesn't check the Windows local certificate store; you will need to import the certificate into the Chrome application via its security settings options. The same applies to Firefox.

HTH
Beginner

Re: How to import a certificate used for DPI non-domain machine

Thanks for the reply. Are you sure about that? I didn't have to import anything on my domain connected PCs for the cert to be recognized by any browser (Chrome, FF, Edge, IE).

RJI Advisor
Advisor

Re: How to import a certificate used for DPI non-domain machine

Yes, sorry it seems I was incorrect, Chrome does use the underlying OS certificate store.
Does it work if you add the certificate to the local user trusted certificate store?


Beginner

Re: How to import a certificate used for DPI non-domain machine

Yes it does. Very strange. Any idea why it would work for Current User but not Local Computer?

RJI Advisor
Advisor

Re: How to import a certificate used for DPI non-domain machine

At a guess (not being a Microsoft expert), I imagine it is because, if the computer is not joined to an AD domain, the local computer certificate store is not used.
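
One way to check the two stores discussed in this thread and see which CA actually signs the decrypted traffic, as an added example that is not part of any post above. The file path and test host are placeholders (assumptions), and the script assumes it is run as the affected user on the non-domain Windows 10 machine behind the SSL policy.

```powershell
# Added example: $CaFile and $TestHost are placeholders, not values from the thread.
param(
    [string]$CaFile   = 'C:\Temp\dpi-root-ca.cer',   # exported CA certificate (assumed path)
    [string]$TestHost = 'www.example.com'            # any HTTPS site the SSL policy decrypts
)
$X509 = 'System.Security.Cryptography.X509Certificates'

$ca = New-Object "$X509.X509Certificate2" $CaFile
"CA subject : $($ca.Subject)"
"Thumbprint : $($ca.Thumbprint)"

# 1. Which Trusted Root stores already hold this exact certificate?
foreach ($store in 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root') {
    $hit = Get-ChildItem $store | Where-Object Thumbprint -eq $ca.Thumbprint
    '{0,-24} {1}' -f $store, $(if ($hit) { 'present' } else { 'missing' })
}

# 2. Import into the current user's Trusted Root store if absent (Windows may ask to confirm).
if (-not (Test-Path "Cert:\CurrentUser\Root\$($ca.Thumbprint)")) {
    Import-Certificate -FilePath $CaFile -CertStoreLocation Cert:\CurrentUser\Root | Out-Null
}

# 3. Fetch the certificate this client is actually served and build its chain.
$tcp = New-Object System.Net.Sockets.TcpClient($TestHost, 443)
try {
    # Accept any certificate here only so it can be inspected; trust is evaluated below.
    $cb  = { $true } -as [System.Net.Security.RemoteCertificateValidationCallback]
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $cb)
    $ssl.AuthenticateAsClient($TestHost)
    $leaf = New-Object "$X509.X509Certificate2" $ssl.RemoteCertificate
}
finally { $tcp.Close() }

$chain = New-Object "$X509.X509Chain"
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # assumption: test trust anchoring only
$trusted = $chain.Build($leaf)

"Leaf issuer   : $($leaf.Issuer)"
$chain.ChainElements | ForEach-Object { "  chain -> $($_.Certificate.Subject)" }
"Chain trusted : $trusted"
$chain.ChainStatus | ForEach-Object { "  status: $($_.Status)" }
```

If the leaf issuer printed in step 3 is not the subject of the CA file you imported, the appliance is re-signing with a different CA than the one exported, and that CA (or its chain) is what the client needs to trust.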