SSL Tutorial #3: Importing Self-signed SSL Certificates for IE and Firefox

WARNING

Only import certs signed by yourself or someone you deeply trust!
Importing certs signed by untrusted person may cause great loss to you!

Internet Explorer (System cert pool)

For self-signed single website cert, you should add it to trusted root CA. For self-signed CA cert, just add the it to trusted root CA. Then all websites certs affiliated to it are automatically trusted.

  • Press Win+R.
  • Enter certmgr.msc and click OK.
  • Expand Trusted Root Certificate Authorities in left panel; Select Certificates folder.
  • On menu bar, click Action -> All tasks -> Import...
  • Click Next; Browse your certificate; Click Next; Click Next; Click Finish.
  • Click Yes to the warning.

BTW, IE might have one-day lag for the cert to take effect. You may modify computer date to verify it.

Chrome also uses system cert pool, so this should work for Chrome as well. Anyway I haven’t checked that.

Firefox

For single website cert

  • Visit that site.
  • Click I Understand the Risk.
  • Click Add Exception.
  • Click Confirm Security Exception.

For self-signed CA cert

  • Press Alt; In menu bar, click Tools -> Options -> Advanced -> Encryption -> View Certificates.
  • Click Authorities tab.
  • Click Import...; Browse and open your cert.
  • Check Trust this CA to identify websites, or check all three; Click OK.

That’s all.
Try visiting your site. If you encounter any problem, Firefox will tell you why in Technical Details.

Leave a Comment

Your email address will not be published. Required fields are marked *