Import a CA Certificate from Microsoft Certificate Services

Applies To: Windows Server 2008

You can use this procedure to import a certification authority (CA) certificate from Microsoft certificate services. Installation of a CA certificate into the trusted roots store signifies that you trust authentication and encryption that is performed using certificates that are issued by that certification authority.

Membership in <Domain>\Domain Users, or equivalent, is the minimum required to complete this procedure.

To import a CA certificate from Microsoft certificate services

  1. On the sender computer requiring a CA certificate, open your browser.

  2. In your browser, connect to http://<servername>/certsrv, where <servername> is the name of the server where the certification authority (CA) you want to access is located.

  3. Click Download a CA certificate, certificate chain, or CRL.

  4. Select the encoding method you want: DER or Base 64.

  5. Do one of the following:

    • If you want to trust only the certificates issued by this certification authority, and not any subordinate certification authorities, click Download CA certificate.

    • If you want to trust all the certificates issued by this certification authority (CA), click Install this CA certificate chain.

    • In File Download, click Open.

    • When the Certificate dialog box appears, click Install this certificate.

    • In the Certificate Import wizard, click Automatically select the certificate store based on the type of certificate. This places the CA certificate in the Trusted Root store.

  6. If you are finished using the Certificate Services Web pages, close your browser.

Additional references