How To Trust a Root Certificate in Windows and Mac

Overview - How To Install a Root CA in Windows

As mentioned in the CA Overview for a CA to be trusted by an organization it has to be added to the trusted root store of all their devices. This guide will guide you on how to install it in Windows Certificate Root Store.

Getting the Root CA Certificate from EZCA

  1. Go to https://portal.ezca.io/
  2. Navigate to Certificate Authorities. CA Menu
  3. Click the “View Details” button for the CA you want to download the certificate from. CA Menu
  4. Click the “Download Certificate” button for the location that you want to download the certificate from. CA Details

Installing Certificate Through Intune

Usually MDM solutions is the preferred way IT Admins install internal Root CAs as a trusted authority in all of the corporate devices. To do this in Microsoft Intune, follow this guide

How To Trust The Root Certificate In Windows

How To Trust a Root CA in Windows - Video Version

In Windows, Root CAs can be added in two different stores: The User store (Only for the current user), The Local Store (For all users, Require Administrator Permissions)

Installing The Root CA Certificate In The User Store

  1. Search in the Windows search bar for “Manage user certificate”. Open User Store
  2. Click on the application.
  3. Select the “Trusted Root Certificate Authorities” folder. Windows Trusted Root Certificate Authorities Store
  4. Select the “Certificates” folder. Windows Store Trusted Root Certificates
  5. Right Click on any whitespace.
  6. Select All Tasks -> Import. How To Import Root Certificate to Windows Store
  7. Click “Next” on the first page of the wizard.
  8. Click the “Browse…” button Select Certificate You Want to import Windows Store
  9. Select The Root certificate you are trying to import.
  10. Click “Next”
  11. Click “Next” Windows Store
  12. Click “Finish”, now certificates issued by this CA will be trusted by your user. Finish Root Certificate import

Installing In The Local Store

  1. Search in the Windows search bar for “Manage computer certificate”. Open Local Store
  2. Click on the application.
  3. Select the “Trusted Root Certificate Authorities” folder. Windows Trusted Root Certificate Authorities Store
  4. Select the “Certificates” folder. Windows Store
  5. Right Click on any whitespace.
  6. Select All Tasks -> Import. Windows Store
  7. Click “Next” on the first page of the wizard.
  8. Click the “Browse…” button Windows Store
  9. Select The Root Certificate you are trying to import.
  10. Click “Next”
  11. Click “Next” Windows Store
  12. Click “Finish”, now certificates issued by this CA will be trusted by all users on this machine. Finish importing the root certificate to windows

Installing Root Certificate In MacOS

  1. Search and open “Keychain Access”. Keychain Access Mac Store
  2. On the left menu click on System. Mac Store
  3. On the top menu click File -> Import Items.
  4. Select the Certificate you want to import. Trust Root Certificate in Mac Store
  5. Enter your Admin Password
  6. This will add the certificate but it will not be trusted by the system. Mac Store
  7. double click the certificate in the certificate list.
  8. A window with the certificate details will be opened. Mac Store
  9. Expand the Trust menu. Mac Store
  10. Change the “When using this certificate:” to “Always trust” Trust Certificate in MacOS
  11. Close the window with the certificate details.
  12. Enter your Admin Password
  13. Your Certificate is now trusted (You might have to reboot for all changes to take effect) Mac Store