Trust SSL certificate to local system account
Solution 1
Follow these steps to trust a certificate system-wide:
Double-click the
.crt
file.Click
Install certificate...
, thenNext >
.Choose
Place all certificates in the following store
and clickBrowse..
.Choose
Trusted Root Certification Authorities
and clickOK
.Click
Next >
, thenFinish
.
This has however the drawback that Windows will trust any certificate signed by the same CA.
Solution 2
sorry @Dennis, but that's not the best turn, because your solution only installs the certificate for the local user, not for the complete system! It's valid and good to install personal certificates, but not root certificates!
better
- start
mmc.exe
as Admin File
>Add Snap-In
(Ctrl-M)add "Certificate" a). if you are not prompted and the snapin is added instantly, go back to 1)
b) select "Computeraccount" from popup, then proceed and select "local computer"
c) you should see "Certificate (local computer)" Snapin on the right d) confirm (OK)
Then right click the correct section, subsection "Certificates", where desired certificate should be installed to.
- Select "All Tasks" > "Import" from context menu
- then it's same up from your description point 3, normally the correct store should already be preselected because you right-clicked on it
This will fix the untrusted cert message for ALL (future) computer users and for services not running with your credentials!
Related videos on Youtube
Matteo Mosca
Updated on September 18, 2022Comments
-
Matteo Mosca over 1 year
I have the following need:
A windows service needs to connect to a svn repository through https. The service needs also to run as local system account for IO permissions on the machine.
Now when the service tries to connect to SVN, it throws an error saying that the certificate is not trusted (it's a self signed certificate).
I have no access to the service source code to add the svn option to trust certificate and accept it permanently. So I need to know how, in windows, add that SSL certificate to the local system account trusted certificates.
Is that possible, and if it is, what are the steps to do that?
Thanks.
-
Dennis over 12 yearsDo you have access to the
.crt
file? -
Matteo Mosca over 12 yearsI have it trusted on my user account, so I can export it from certmgr.msc
-
-
user2173353 almost 8 years
Then right click the correct section
. Which is that, if you try to trust a simple (not root CA) certificate on the machine? -
childno͡.de almost 8 years@user2173353 you might install them in "my certificates"
-
royalTS over 6 yearsWhat if I install the certificate as described in "my certificates", but SVN (TortoiseSVN) still ask me whether to trust the certificate?
-
childno͡.de over 6 years@royalTS then you didn't read the manual svnbook.red-bean.com/nightly/en/…
-
royalTS over 6 years@childno͡.de not sure, where you would like to point me...
-
royalTS over 6 years@childno͡.de thanks! ;) I didn´t add the CA certifcate...