When you request SecureNT Intranet SSL, we send you an email with a zip file containing the files listed below.

1. Issued SSL Certificate (File: server.cer)
2. Private key (File: serverkey.cer) (Note: If you have shared CSR then this file is on your server where you generated the CSR. So, so it is not included.)
3. SecureNT Intranet Root Certificate (File: SecureNT Intranet Root CA.cer)
4. SecureNT Intranet Intermediate Certificate (File: SecureNT Intranet Intermediate CA.cer)
5. SecureNT CA Bundle – Root+Intermediate (File: SecureNT CA-Bundle.cer) (optional)
6. Issued SSL Certificate with the Root Certificates and Private Key in PFX (P12 or PKCS#12) format (File: server.pfx) (Note: If you have shared CSR then you get issued Certificate with CA roots in p7b format. File: server.p7b)

Let us see what file is used where during the installation.

  1. Server: This is the server that hosts your web application. On the server, you must install the issued cert (server.cer #1) as well as the two CA Certificates (SecureNT Intranet Root CA.cer #3 and SecureNT Intranet Intermediate CA.cer #4). If the CSR was not generated on the server, you will have to install the Private Key (serverkey.cer #2) also. Installation of the server.pfx #6 (or  server.p7b) typically accomplishes this task because it contains all 4 or 3 of these files.But frequently, things are not straightforward. The installation procedure may vary based on the operating system and web server being used. On this subject, there is a ton of information online, so it won’t be rehashed here. Send us an email at support@intranetssl.net with specifics if you run into any problems.
  2. Client machines: These are the machines that are going to access the web application hosted on the server. On each of them, you must install the SecureNT CA root certificates (SecureNT Intranet Root CA.cer #3 and SecureNT Intranet Intermediate CA.cer #4) once. Therefore, they must be manually installed by going to each PC and doing the certificate import, or if you have Microsoft Group Policy, you can easily install them on each of the client PC.SecureNT CA-Bundle.cer (#5) has both CA Certificates in a single file but most client operating systems (Windows 10 or macOS) don’t allow them to install in a single step. We have provided this file because some PKI tools require it during the installation.

In case, you require SecureNT CA certificates, click on the links below to download them.

  1. SecureNT Intranet Root CA Certificate
  2. SecureNT Intranet Intermediate CA Certificate
  3. SecureNT Intranet CA Certificate Chain Bundle (root & intermediate CA certificates are there in a single .cer file.)
    After the download, rename the file extension from “.txt” to “.cer” or whatever name you want. Downloaded root files are in DER format.
    In case you require them in PEM (txt) format send mail to support@intranetssl.net
  4. SecureNT Intranet CA Certificate Chain in PFX format (root & intermediate CA certificates are in PFX file format. There is no Password.) After download rename extension of “ca-bundle-pfx.docx” to “ca-bundle.pfx”
  5. SecureNT Intranet CA Certificate Chain in PFX format with Password (root & intermediate CA certificates in PFX file format. Password=inet) After download rename extension of “ca-bundle-pwd-pfx.docx” to “ca-bundle-pwd.pfx”.

Steps to install SecureNT Intranet CA Certificates on Windows Client PCs

One can choose anyone of the following two procedures to install CA certificates on Windows Clients PCs. Once done they are used by Microsoft Edge, Google Chrome and Mozilla Firefox browsers.

a. Installation of Root and Intermediate Certificates individually

Follow below mentioned steps for installation of SecureNT-Intranet-Root-CA.cer and SecureNT-Intermediate-CA.cer one by one, in succession.

  1. Right-click on the file name in Windows Explorer. Click on “Install Certificate”.
  2. You will see “Do you want to open this file?” Click “Yes.”
  3. You will see “Certificate” Click on “Install Certificate”
  4. You will see “Welcome to the Certificate Import Wizard”
  5. Against the Store location select “Local Machine” and click “Next”.
  6. You will see “Do you wish to allow this app to make changes to your device?” Click “Yes”
  7. You will see “Certificate Import Wizard – Certificate Store”
  8. Select “Place all the certificates in the following store”. Click “Browse”.
  9. You will see “Select Certificate Store”.
  10. a. For “SecureNT-Intranet-Root-CA.cer” select “Trusted Root Certification Authorities”
    b. For “SecureNT-Intermediate-CA.cer” select “Intermediate Certification Authorities.”
  11. Click “Next”. Click “Finish”

b. Installation of CA Certificates through PFX files

Follow below mentioned steps for the installation of SecureNT Root + Intermediate CA certificate in one go using ca-bundle.pfx, or ca-bundle-pwd.pfx file. This method is simple and fast.

  1. Right-click on the file name in Windows Explorer. Click on “Install PFX.”
  2. You will see “Welcome to the Certificate Import Wizard”
  3. Against the Store location select “Local Machine” and click “Next”.
  4. You will see “File to Import” Click “Next”
  5. You will see “Private key protection”. Type Password. If none, then press ‘Enter’
  6. Select “Automatically select the certificate store based on the type of the certificate”. Click “Next”.
  7. Click “Finish”

Once installed, you can verify the installation by starting “Manage User Certificates” in Control Panel, User Accounts. You will see them under “Certificates” in “Trusted Root Certification Authorities” and “Intermediate Certification Authorities”

On Windows 10, above steps are sufficient to install the SecureNT Root and Intermediate certificates for Edge, Chrome and Firefox browser.

On Windows 11, we have noticed that the certificate needs to be imported for Firefox browser.  Use Settings, Privacy & Security, Certificates, View Certificates. You will see “Certificate Manager”. You can use one of the below two methods to import the CA Certificates.

a. Select “Your Certificates” tab and click “Import”. Select ca-bundle.pfx, or ca-bundle-pwd.pfx file. Type password (inet or press ‘Enter’ for no password).

b. Select “Authorities” Tab. Goto the “Secure Network Traffic” Select “SecureNT Intranet Root CA”. Click “Edit Trust” Tick “This certificate can identify websites”. Repeat same step for “SecureNT Intranet Intermediate CA”

In case, you are unable to import the CA Certificates then enter “about:config” in the address bar and continue to the list of preferences. Set the preference “security.enterprise_roots.enabled” to true. Restart Firefox.

Even after import, if you don’t see the CA certificate in the Certificate Manager then most probably Anti-virus installed on the PC is not allowing the Firefox browser to access the certificate. Create an exception or rule in the Antivirus so that SecureNT Root CA and Intermediate CA is allowed to be seen.

Check this article for more information: Setting Up Certificate Authorities (CAs) in Firefox

Note: Don’t use SecureNT-CA-Bundle.cer to install CA certificates.  It will install only intermediate CA certificate.

In case you wish to install the Root Certificates on multiple Windows PCs or in the Firefox browser read our blog here.


How to add the root certificate to Mac OS X

  1. Double-click the certificate file (with the “.cer” extension). It will start the “Keychain Access” app. Under “Add Certificate” against “Do you want to add the certificates from the file “SecureNT Intranet Root CA.cer” to a keychain?” Choose “System” from the keychain option. Then press “OK”
  2. The window pops up “Do you want your computers to trust certificates signed by <root CA> from now on? click the “Always Trust” button.
  3. Then you will see under “Keychain Access” that the certificate is added to the system entry.

Repeat the above steps for each Certificate.

In case you wish to install the Root Certificates on multiple OS X client Macs or in the Firefox browser read our blog here.

 


How to add the root certificate to Android device

a. In Android 11+, to install a CA certificate, users need to manually:

1. Open Device settings
2. Go to ‘Security’
3. Go to ‘Encryption & Credentials’
4. Go to ‘Install from storage’ or ‘Install a certificate’ (depending on devices)
5. Select ‘CA Certificate’ from the list of types available
6. Accept a warning alert.
7. Browse to the certificate file on the device and open it
8. Confirm the certificate installation

b. On recent Samsung device:
Settings
-> Biometrics and security
-> Other security settings
-> Install from device storage
-> CA Certificate
-> Install Anyway

Comodo SSL