When you request SecureNT Intranet SSL, we send you an email with a zip file containing the files listed below.

1. Issued SSL Certificate (File: server.cer)
2. Private key (File: serverkey.cer) (Note: If you shared a CSR, this file is already on the server where you generated the CSR, so it is not included.)
3. SecureNT Intranet Root Certificate (File: SecureNT Intranet Root CA.cer)
4. SecureNT Intranet Intermediate Certificate (File: SecureNT Intranet Intermediate CA.cer)
5. SecureNT CA Bundle – Root+Intermediate (File: SecureNT CA-Bundle.cer) (optional)
6. Issued SSL Certificate with the Root Certificates and Private Key in PFX (P12 or PKCS#12) format (File: server.pfx). Please note that the PFX file is password protected. The password is mentioned in the mail. (Note: If you shared a CSR, you get the issued Certificate with the CA roots in p7b format instead. File: server.p7b)

Let us see what file is used where during the installation.

Installation on the Server

Here we install the SSL certificate on the server that hosts your web application.

On the server, you must install the issued cert (server.cer #1) as well as the two CA Certificates (SecureNT Intranet Root CA.cer #3 and SecureNT Intranet Intermediate CA.cer #4).

If the CSR was not generated on the server, you will have to install the Private Key (serverkey.cer #2) also.

Installing server.pfx #6 (or server.p7b) typically accomplishes this task, because server.pfx contains all 4 of these files and server.p7b contains the 3 certificates (no private key).

But frequently, things are not straightforward. The installation procedure varies with the operating system and web server being used. There is a ton of information online on this subject, so it won’t be rehashed here. However, if you run into any problems, send us an email at support@intranetssl.net with specific details (server operating system name, web server, version, what steps you followed, what error you got, etc.).

In particular, we wish to draw your attention to the following two cases.

a. Installation of SSL for SQL data encryption.

b. Installation of SSL on Windows in Azure environment.

Both require a special PFX file. When requesting the certificate, let us know about this in the form.

Installation on the Client machines

These are the machines that are going to access the web application hosted on the server. On each of them, you must install the SecureNT CA root certificates (SecureNT Intranet Root CA.cer #3 and SecureNT Intranet Intermediate CA.cer #4) once only.

They can be installed manually by going to each PC and doing the certificate import (for steps see below), or, if you have Microsoft Group Policy, you can easily install them on each of the client PCs. Here is the link for installation using Microsoft Group Policy.

SecureNT CA-Bundle.cer (#5) has both CA Certificates in a single file, but most client operating systems (Windows 10 or macOS) don’t allow both to be installed from it in a single step. We have provided this file because some PKI tools require it during the installation.

Steps to install SecureNT Intranet CA Certificates on Windows Client PCs

You can choose either of the following two procedures to install the CA certificates on Windows Client PCs. Once installed, they are used by the Microsoft Edge, Google Chrome and Mozilla Firefox browsers.

a. Installation of Root and Intermediate Certificates individually

Follow the steps below to install SecureNT-Intranet-Root-CA.cer and SecureNT-Intermediate-CA.cer one by one, in succession.

  1. Right-click on the file name in Windows Explorer. Click on “Install Certificate”.
  2. You will see “Do you want to open this file?” Click “Yes.”
  3. You will see “Certificate”. Click on “Install Certificate”.
  4. You will see “Welcome to the Certificate Import Wizard”
  5. Against the Store location select “Local Machine” and click “Next”.
  6. You will see “Do you wish to allow this app to make changes to your device?” Click “Yes”
  7. You will see “Certificate Import Wizard – Certificate Store”
  8. Select “Place all the certificates in the following store”. Click “Browse”.
  9. You will see “Select Certificate Store”.
  10. a. For “SecureNT-Intranet-Root-CA.cer” select “Trusted Root Certification Authorities”
    b. For “SecureNT-Intermediate-CA.cer” select “Intermediate Certification Authorities.”
  11. Click “Next”. Click “Finish”
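
The same installation can be scripted. Because a root placed in “Trusted Root Certification Authorities” is trusted for every certificate it issues, the script below checks each file before importing it. This is an added example, not SecureNT's own script; it assumes it is run from an elevated PowerShell prompt as a saved .ps1 file sitting next to the two .cer files, and the thumbprint values are placeholders that you replace with values confirmed with SecureNT through a separate channel.

```powershell
#Requires -RunAsAdministrator
# Added example (not SecureNT's script). File names follow procedure (a) above.
# The thumbprints are PLACEHOLDERS: replace them with values confirmed out of band.
$ErrorActionPreference = 'Stop'

$targets = @(
    @{ File = 'SecureNT-Intranet-Root-CA.cer'; Store = 'Cert:\LocalMachine\Root'
       SelfSigned = $true;  Thumbprint = '<ROOT-CA-THUMBPRINT-PLACEHOLDER>' },
    @{ File = 'SecureNT-Intermediate-CA.cer';  Store = 'Cert:\LocalMachine\CA'
       SelfSigned = $false; Thumbprint = '<INTERMEDIATE-CA-THUMBPRINT-PLACEHOLDER>' }
)

foreach ($t in $targets) {
    $path = Join-Path $PSScriptRoot $t.File
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $path

    # A root is self-signed (subject equals issuer); an intermediate is not.
    # This catches the two files being swapped between the two stores.
    if (($cert.Subject -eq $cert.Issuer) -ne $t.SelfSigned) {
        throw "$($t.File): certificate type does not match store $($t.Store)"
    }

    # Refuse to trust a file whose thumbprint differs from the expected value.
    if ($cert.Thumbprint -ne $t.Thumbprint) {
        throw "$($t.File): thumbprint $($cert.Thumbprint) does not match the expected value"
    }

    # An expired CA certificate would not validate anything; stop early.
    if ($cert.NotAfter -lt (Get-Date)) {
        throw "$($t.File): certificate expired on $($cert.NotAfter)"
    }

    # Root goes to "Trusted Root Certification Authorities" (Root),
    # intermediate goes to "Intermediate Certification Authorities" (CA).
    Import-Certificate -FilePath $path -CertStoreLocation $t.Store | Out-Null

    # Confirm the certificate is now present in the intended store.
    if (-not (Test-Path "$($t.Store)\$($cert.Thumbprint)")) {
        throw "$($t.File): not found in $($t.Store) after import"
    }
    Write-Output "Installed $($cert.Subject) into $($t.Store)"
}
```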

If you wish to install them automatically on a large number of Windows PCs, you can use Microsoft Group Policy. Here is the link for installation using Microsoft Group Policy.

b. Installation of CA Certificates using PFX files

Follow the steps below to install the SecureNT Root + Intermediate CA certificates in one go using the ca-bundle.pfx or ca-bundle-pwd.pfx file. These files (4 and 5 in the download list below) can be downloaded from here.

This method is simple and fast.

  1. Right-click on the file name in Windows Explorer. Click on “Install PFX.”
  2. You will see “Welcome to the Certificate Import Wizard”
  3. Against the Store location select “Local Machine” and click “Next”.
  4. You will see “File to Import”. Click “Next”.
  5. You will see “Private key protection”. Type the password. If none, then press ‘Enter’
  6. Select “Automatically select the certificate store based on the type of the certificate”. Click “Next”.
  7. Click “Finish”

Once installed, you can verify the installation by starting “Manage User Certificates” in Control Panel, User Accounts. You will see them under “Certificates” in “Trusted Root Certification Authorities” and “Intermediate Certification Authorities”.

Installation of CA Certificates in Firefox browser

On Windows 10, the above steps are sufficient to install the SecureNT Root and Intermediate certificates for Edge, Chrome and Firefox browsers.

On Windows 11, we noticed that the certificate needs to be imported into the Firefox browser. Go to Settings, Privacy & Security, Certificates, and click View Certificates. You will see “Certificate Manager”.

You can use one of the below two methods to import the CA Certificates.

a. Select the “Your Certificates” tab and click “Import”. Select the ca-bundle.pfx or ca-bundle-pwd.pfx file. Type the password (“inet”, or press ‘Enter’ for no password).

b. Select the “Authorities” tab. Go to “Secure Network Traffic” and select “SecureNT Intranet Root CA”. Click “Edit Trust” and tick “This certificate can identify websites”. Repeat the same step for “SecureNT Intranet Intermediate CA”.

If you are unable to import the CA Certificates, enter “about:config” in the address bar and continue to the list of preferences. Set the preference “security.enterprise_roots.enabled” to true. Restart Firefox.

If you still don’t see the CA certificate in the Certificate Manager after the import, then most probably the anti-virus installed on the PC is not allowing the Firefox browser to access the certificate. Create an exception or rule in the anti-virus so that the SecureNT Root CA and Intermediate CA are allowed to be seen.

Check this article for more information: Setting Up Certificate Authorities (CAs) in Firefox

Note: Don’t use SecureNT-CA-Bundle.cer to install the CA certificates. It will install only the intermediate CA certificate.

In case you wish to install the Root Certificates on multiple Windows PCs or in the Firefox browser read our blog here.


How to add the root certificate to Mac OS X

  1. Double-click the certificate file (with the “.cer” extension). It will start the “Keychain Access” app. In the “Add Certificate” dialog, which asks “Do you want to add the certificates from the file “SecureNT Intranet Root CA.cer” to a keychain?”, choose “System” from the keychain option. Then press “OK”.
  2. A window pops up asking “Do you want your computers to trust certificates signed by <root CA> from now on?” Click the “Always Trust” button.
  3. Then you will see under “Keychain Access” that the certificate is added to the system entry.

Repeat the above steps for each Certificate.

In case you wish to install the Root Certificates on multiple OS X client Macs or in the Firefox browser read our blog here.

 


How to add the root certificate to Android device

a. In Android 11+, to install a CA certificate, users need to manually:

1. Open Device settings
2. Go to ‘Security’
3. Go to ‘Encryption & Credentials’
4. Go to ‘Install from storage’ or ‘Install a certificate’ (depending on devices)
5. Select ‘CA Certificate’ from the list of types available
6. Accept a warning alert.
7. Browse to the certificate file on the device and open it
8. Confirm the certificate installation

b. On a recent Samsung device:
Settings
-> Biometrics and security
-> Other security settings
-> Install from device storage
-> CA Certificate
-> Install Anyway


Download SecureNT CA (Root) Certificates

If you require the SecureNT CA certificates in DER (binary) format, click on the links below to download them.

  1. SecureNT Intranet Root CA Certificate
  2. SecureNT Intranet Intermediate CA Certificate
  3. SecureNT Intranet CA Certificate Chain Bundle (root & intermediate CA certificates are in a single .cer file.)
    After the download, rename the file extension from “.txt” to “.cer” or whatever name you want.
    Downloaded root files are in DER format. If you require them in PEM (txt) format, send an email to support@intranetssl.net
  4. SecureNT Intranet CA Certificate Chain in PFX format (root & intermediate CA certificates are in PFX file format. There is no Password.) After the download, rename “ca-bundle-pfx.docx” to “ca-bundle.pfx”.
  5. SecureNT Intranet CA Certificate Chain in PFX format with Password (root & intermediate CA certificates in PFX file format. Password=inet) After the download, rename “ca-bundle-pwd-pfx.docx” to “ca-bundle-pwd.pfx”.