Windows 7 will not install a root certificate


Thanks to the link posted by harrymc, I spent almost a day investigating this problem and figured out it was the Windows Server 2008 default domain policy.

I suspect this problem only applies to Windows PCs in a domain network environment. The default domain policy doesn't allow users to install additional certificates to Trusted Root Certification Authorities, but the worst thing is that if you try, Windows 7 will still say "Import Successful" anyway.

If you want to check whether your domain policy allows you to install a certificate to Trusted Root Certification Authorities, when importing the cert via certmgr.msc, manually select the store and tick 'Show physical stores'. You should be able to place the cert into Trusted Root Certification Authorities\Local Computer.


If you can't see the above, then it has to be enabled via the group policy editor on your Windows Server Domain Controller (a client PC restart is required for it to take effect):

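A way to confirm whether an import actually landed, rather than trusting the wizard's "Import Successful" message. This is an added example, not part of the original answer; the function name `Get-RootStorePresence` and the file path are placeholders.

```powershell
# Added example: check by thumbprint whether a certificate file is really
# present in the Trusted Root store of the current user and of the machine.
function Get-RootStorePresence {
    param(
        [Parameter(Mandatory = $true)]
        [string]$CertPath   # the .cer file you tried to import
    )

    # Load the file; Windows identifies a certificate inside a store by its thumbprint.
    $resolved = (Resolve-Path $CertPath).ProviderPath
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $resolved

    foreach ($name in 'CurrentUser', 'LocalMachine') {
        $location = [System.Security.Cryptography.X509Certificates.StoreLocation]$name
        $store = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList 'Root', $location
        $present = $false
        try {
            # Read-only access is enough and does not require elevation.
            $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)
            $found = $store.Certificates.Find(
                [System.Security.Cryptography.X509Certificates.X509FindType]::FindByThumbprint,
                $cert.Thumbprint,
                $false)   # $false: match even if the certificate does not currently validate
            $present = ($found.Count -gt 0)
        }
        finally {
            $store.Close()
        }

        # One result object per store location.
        New-Object PSObject -Property @{
            StoreLocation = $name
            Thumbprint    = $cert.Thumbprint
            Subject       = $cert.Subject
            Present       = $present
        }
    }
}

# Placeholder path: replace with the certificate file you imported.
Get-RootStorePresence -CertPath 'C:\temp\my-service.cer' |
    Format-Table StoreLocation, Present, Subject -AutoSize
```

If `Present` is `False` for both locations right after the wizard reported success, the import was silently dropped, which is the behaviour this answer describes.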

Author by

Franz Wong

Currently a Site Reliability Engineer at Take 2 Interactive. Formerly a Site Reliability Engineer for the Stack Exchange network. Prior to my work for Stack Exchange I worked for a small software developer in Sydney, Australia.

Updated on September 17, 2022

Comments

  • Franz Wong
    Franz Wong over 1 year

    I have a web service that uses a self-signed certificate, so I need to install the certificate as a Trusted Root so that I can avoid all the security errors that having a self-signed certificate brings with it.

    Using Windows 7, I'm going to:

    Start > Internet Explorer > Run as Administrator > Tools > Internet Options > Content > Certificates > Trusted Root Certification Authorities > Import > (select file) > Next > OK, and Windows reports Import Successful

    However, the import is NOT successful. The certificate does not show in the list of trusted roots, and certificate errors still show up.

    If I import the certificate into the Trusted Publishers container, it imports correctly, but this does not solve my security errors.

    Any ideas?

  • Thalys
    Thalys over 10 years
    I noticed your answer was well written and not getting much love. I've awarded it a bounty since this sort of thing needs to be rewarded.
  • RomanSt
    RomanSt over 9 years
    It's impossible to tell from the second screenshot how to find this setting; it's here: Computer Configuration\Windows Settings\Security Settings\Public Key Policies.
  • gerrytan
    gerrytan over 9 years
    @romkyns if you're on a domain controller server, that setting exists on multiple levels (some sort of cascading setting maybe?), hence why I didn't show it to avoid false sense of information
  • user66638
    user66638 over 8 years
    @gerrytan I have no Local Computer option. :(
  • Pacerier
    Pacerier over 8 years
    @gerrytan, What OS are your screenshots?
  • gerrytan
    gerrytan over 8 years
    @Pacerier 2nd screenshot is Windows Server 2008R2, 1st is Win 7
  • gerrytan
    gerrytan over 8 years
    @user66638 then you need to do it via domain controller
  • SerG
    SerG about 7 years
    The Local Computer option does not exist if Local Machine was selected on the first step of the import. And store location selection is disabled and defined by the MMC process privileges (As admin -> Current User)
  • DavidPostill
    DavidPostill about 7 years
    Please do not post the same answer to multiple questions. If the same information really answers both questions, then one question (usually the newer one) should be closed as a duplicate of the other. You can indicate this by voting to close it as a duplicate or, if you don't have enough reputation for that, raise a flag to indicate that it's a duplicate. Otherwise tailor your answer to this question and don't just paste the same answer in multiple places.