cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

997
Views
5
Helpful
5
Replies
ryan14
Beginner

How to import a certificate used for DPI non-domain machine

What is the procedure to use to import a certificate to be trusted for DPI for a Windows 10 machine that is not on the domain? I tried exporting the root-ca from our CA as x509 format and imported that to local computer trusted root authorities, but that didn't work. I get NET::ERR_CERT_AUTHORITY_INVALID in Chrome when testing. My policy is working for a domain connected PC on my FTD appliances. They all share the same SSL/ACP policy.

1 ACCEPTED SOLUTION

Accepted Solutions

Yes, sorry it seems I was incorrect, Chrome does use the underlying OS certificate store.
Does it work if you add the certificate to the local user trusted certificate store?

View solution in original post

5 REPLIES 5
Rob Ingram
VIP Mentor

Hi,
Chrome doesn't check the Windows local Certificate store, you will need to import the certificate into Chrome application via it's security settings options, the same applies to Firefox.

HTH

Thanks for the reply. Are you sure about that? I didn't have to import anything on my domain connected PCs for the cert to be recognized by any browser (Chrome, FF, Edge, IE).

Yes, sorry it seems I was incorrect, Chrome does use the underlying OS certificate store.
Does it work if you add the certificate to the local user trusted certificate store?

View solution in original post

Yes it does. Very strange. Any idea why it would work for Current User but not Local Computer?

At a guess (not being a Microsoft expert) but I imagine it is because if the computer is not joined to an AD domain the local computer certificate store is not used.
Content for Community-Ad

This widget could not be displayed.