In your case the screenshot

eigrpy · ‎08-08-2015

Hi I created a certificate by ASDM wizard. I got the certificate detail, Please see screenshot in attachment, which says:

"This CA Root certificate is not trusted because it is not in the Trusted Root Certification Authorities store."

My question is how to place the certificate in Trusted Root Certification Authorities store in order for This CA Root certificate is not trusted is trusted ?

Can we say Trustpoint is Trusted Root Certification Authorities store?

Thank you

Cesar Gustavo Lopez Zamarripa · ‎08-10-2015

Hi showipospf!

You can go to:

Configuration -> Device Management -> Certificate Management -> CA Certificates

There, you can add the CA Root certificate. This one is usually included in the package sent by the 3rd party Certificate Authority.

- Cesar.

Marvin Rhoads · ‎08-10-2015

In your case the screenshot is from a client. Presumably they are connecting to as ASA (at 12.1.1.1) that uses a self-signed certificate.

So the "Trusted Root Certification Authorities store" here is on the client PC. To avoid that message, the certificate must be imported locally on the PC and you must override the default selection to tell Windows to not simply trust the certificate but to trust the issuer as a certification authority.

The easiest way to do that is to browse to the ASA via https. Use your browser tools to copy the certificate locally to your PC. Right click on that downloaded file and "Install Certificate". the Certificate Import Wizard will popup. Follow the prompts making sure to choose the right store (screenshot below).

Once you're done, you can inspect the updated store if you like by using the certmgr.msc MMC plug-in for certificate management.

How to place the certificate in Trusted Root Certification Authorities store in ASA