What is the procedure to use to import a certificate to be trusted for DPI for a Windows 10 machine that is not on the domain? I tried exporting the root-ca from our CA as x509 format and imported that to local computer trusted root authorities, but that didn't work. I get NET::ERR_CERT_AUTHORITY_INVALID in Chrome when testing. My policy is working for a domain connected PC on my FTD appliances. They all share the same SSL/ACP policy.
Yes, sorry it seems I was incorrect, Chrome does use the underlying OS certificate store. Does it work if you add the certificate to the local user trusted certificate store?
Hi, Chrome doesn't check the Windows local Certificate store, you will need to import the certificate into Chrome application via it's security settings options, the same applies to Firefox.
Thanks for the reply. Are you sure about that? I didn't have to import anything on my domain connected PCs for the cert to be recognized by any browser (Chrome, FF, Edge, IE).
Yes, sorry it seems I was incorrect, Chrome does use the underlying OS certificate store. Does it work if you add the certificate to the local user trusted certificate store?
At a guess (not being a Microsoft expert) but I imagine it is because if the computer is not joined to an AD domain the local computer certificate store is not used.
Learn, share, save
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
