How To Trust a Root Certificate in Windows and Mac

Overview - How To Install a Root CA in Windows

As mentioned in the CA Overview for a CA to be trusted by an organization it has to be added to the trusted root store of all their devices. This guide will guide you on how to install it in Windows Certificate Root Store.

Getting the Root CA Certificate from EZCA

1. Go to https://portal.ezca.io/
2. Navigate to Certificate Authorities.
3. Click the “View Details” button for the CA you want to download the certificate from.
4. Click the “Download Certificate” button for the location that you want to download the certificate from.

Installing Certificate Through Intune

Usually MDM solutions is the preferred way IT Admins install internal Root CAs as a trusted authority in all of the corporate devices. To do this in Microsoft Intune, follow this guide

How To Trust The Root Certificate In Windows

How To Trust a Root CA in Windows - Video Version

In Windows, Root CAs can be added in two different stores: The User store (Only for the current user), The Local Store (For all users, Require Administrator Permissions)

Installing The Root CA Certificate In The User Store

1. Search in the Windows search bar for “Manage user certificate”.
2. Click on the application.
3. Select the “Trusted Root Certificate Authorities” folder.
4. Select the “Certificates” folder.
5. Right Click on any whitespace.
6. Select All Tasks -> Import.
7. Click “Next” on the first page of the wizard.
8. Click the “Browse…” button
9. Select The Root certificate you are trying to import.
10. Click “Next”
11. Click “Next”
12. Click “Finish”, now certificates issued by this CA will be trusted by your user.

Installing In The Local Store

1. Search in the Windows search bar for “Manage computer certificate”.
2. Click on the application.
3. Select the “Trusted Root Certificate Authorities” folder.
4. Select the “Certificates” folder.
5. Right Click on any whitespace.
6. Select All Tasks -> Import.
7. Click “Next” on the first page of the wizard.
8. Click the “Browse…” button
9. Select The Root Certificate you are trying to import.
10. Click “Next”
11. Click “Next”
12. Click “Finish”, now certificates issued by this CA will be trusted by all users on this machine.

Installing Root Certificate In MacOS

1. Search and open “Keychain Access”.
2. On the left menu click on System.
3. On the top menu click File -> Import Items.
4. Select the Certificate you want to import.
5. Enter your Admin Password
6. This will add the certificate but it will not be trusted by the system.
7. double click the certificate in the certificate list.
8. A window with the certificate details will be opened.
9. Expand the Trust menu.
10. Change the “When using this certificate:” to “Always trust”
11. Close the window with the certificate details.
12. Enter your Admin Password
13. Your Certificate is now trusted (You might have to reboot for all changes to take effect)