Technical Information
Are SecureNT Root Certificates trusted by the browsers? No. SecureNT CA Root certificates needs to be installed once.
Intranet SSL certificate’s root certificate chain is not trusted by default on popular browsers like Chrome, Edge, Internet Explorer, Safari, Firefox, etc. This means that unless certain steps are taken, a client PC will get a “certificate not trusted” error when a user uses a web browser to access a website hosted on a Server with Intranet SSL.
But these steps (installation of SecureNT CA root certificates) need to be taken once only. After those steps are taken, the client PC will always trust the Intranet SSL certificate.
You can find the steps here.
Installation of SSL Certificate in Windows Azure environment is different. It requires a special password protected PFX file with Triple DES encryption. Please mention this requirement while placing request to us. We will send this special PFX file.
Installation of SSL Certificate in Windows Azure environment is different. It requires a special password protected PFX file with Triple DES encryption. Please mention this requirement while placing request to us. We will send this special PFX file.
Installation steps are given on this blog.
Leave a Reply
It says how to install the issued SSL Certificate on Ubuntu Linux. It requires ‘openssl’ package to convert the certificate from PFX to PEM format. Then one needs to copy the PEM file to /etc/ssl/certs directory.
If you asked for the Intranet SSL without CSR, you would have received server.pfx file on email.
1. Copy the server.pfx file to the Ubuntu machine
2. Ensure that openssl package is installed on Ubuntu
3. Run the following command:
sudo openssl pkcs12 -in server.pfx -passin pass:inetssl2 -out serverpfx.pem -nodes
This will create a serverpfx.pem file, which contains the issued certificate, two CA certificates and the private key.
4. Move the serverpfx.pem file to /etc/ssl/certs/
5. Update the permissions:
sudo chmod 644 /etc/ssl/certs/serverpfx.pem
6. Restart the Apache service:
sudo service apache2 restart
In case, you wish us to make the serverpfx.pem file, write back to us on support@intranetssl.net
Leave a Reply
Installation FAQ
Installation of SSL Certificate in Windows Azure environment is different. It requires a special password protected PFX file with Triple DES encryption. Please mention this requirement while placing request to us. We will send this special PFX file.
Installation of SSL Certificate in Windows Azure environment is different. It requires a special password protected PFX file with Triple DES encryption. Please mention this requirement while placing request to us. We will send this special PFX file.
Installation steps are given on this blog.
Leave a Reply
How to install or import PFX file with private key in IIS on Windows Server. Use ‘Certificates’ snap-in in MMC and Import. Next step is binding the certificate.
Step by step instructions on how to import the SecureNT Intranet SSL Certificate PFX file in Windows IIS Server (any version). It’s a two-step process.
Step-1: How to Import the PFX File in IIS
- From the Start menu, type MMC, and click OK
- In the User Account Control window, click Yes
- In the Console window, in the menu at the top, click File > Add/Remove Snap-in.
- In the Add or Remove Snap-ins window, under Available snap-ins click Certificates and then, click Add.
- In the Certificates snap-in window, choose Computer account and then, click Next.
- In the Select Computer window, select Local computer: (computer this console is running on), and then, click Finish.
- In the Add or Remove Snap-ins window, click OK.
- From the Console window, from the Console Root folder, expand Certificates (Local Computer) (the certificate file will be in Personal or Web Hosting folder).
- Right-click on the certificate file which you want to import and then click All Tasks > Import
- On the Welcome to the Certificate Import Wizard page, click Next.
- Follow the instructions to import the primary SSL certificate from the PFX file
- On the Certificate Store page, select Automatically select the certificate store based on the type of certificate.
- Double-check your settings and then click Finish
You should see “The import was successful” message.
Step-2: How to Enable the SSL Certificate
- From the start menu, search for Administrative Tools, open it, and double-click on Internet Information Services (IIS) Manager.
- Under Connections, expand your server’s name, expand Sites, and then, click the site that you want to encrypt.
- In the Actions menu, under Edit Site, click Bindings.
- In the Site Bindings window, click Add.
- In the Add Site Binding window, from the drop-down lists select: HTTPS, All Unassigned, and enter port 443.
- From the SSL certificate drop-down list, select the certificate you want to import
- Click OK and restart your IIS server
SecureNT Intranet SSL certificate is now installed on IIS.
Following article has the steps shown with screen-shots.
Leave a Reply
It says how to install the issued SSL Certificate on Ubuntu Linux. It requires ‘openssl’ package to convert the certificate from PFX to PEM format. Then one needs to copy the PEM file to /etc/ssl/certs directory.
If you asked for the Intranet SSL without CSR, you would have received server.pfx file on email.
1. Copy the server.pfx file to the Ubuntu machine
2. Ensure that openssl package is installed on Ubuntu
3. Run the following command:
sudo openssl pkcs12 -in server.pfx -passin pass:inetssl2 -out serverpfx.pem -nodes
This will create a serverpfx.pem file, which contains the issued certificate, two CA certificates and the private key.
4. Move the serverpfx.pem file to /etc/ssl/certs/
5. Update the permissions:
sudo chmod 644 /etc/ssl/certs/serverpfx.pem
6. Restart the Apache service:
sudo service apache2 restart
In case, you wish us to make the serverpfx.pem file, write back to us on support@intranetssl.net
Leave a Reply
One can use Microsoft Group Policy (GPO) to install SecureNT CA certificates on large number of PCs automatically
One can use Microsoft Group Policy to install SecureNT CA certificates on large number of PCs automatically. Here is link to our blog which explains how to do it.
Leave a Reply
This FAQ answers how to install SecureNT Root/Intermediate CA certificates on android devices including recent Samsung devices.
Please follow the below steps.
a. Android 11+ Device
In Android 11+, to install a CA certificate, users need to manually:
1. Open Device settings
2. Go to ‘Security’
3. Go to ‘Encryption & Credentials’
4. Go to ‘Install from storage’ or ‘Install a certificate’ (depending on devices)
5. Select ‘CA Certificate’ from the list of types available
6. Accept a warning alert.
7. Browse to the certificate file on the device and open it
8. Confirm the certificate installation
b. On recent Samsung device:
Settings
-> Biometrics and security
-> Other security settings
-> Install from device storage
-> CA Certificate
-> Install Anyway
Leave a Reply
Even after the installation of root certificates on the client PC, the browser gives an error that the root certificate is not trusted. Here the culprit is antivirus or endpoint security software.
This sometimes happens due to Antivirus or End Point Security software. They don’t trust non-public Root Certificates and tell the browser that the Intranet Root Certificate is not trusted.
In one case, we noticed that AVG antivirus intercepted the network connection by keeping its own SSL in between, passing an error to the browser that SecureNT Root Certificate is not trusted. The customer created an exception for the error and the browser error stopped.
This problem is not seen with Avast antivirus. Just for information.
Leave a Reply