8.6.5.6     Installing a Certificate into Internet Explorer 5

There are several ways to get the root CA certificate to the Web site users. One way is to email it and have the users install it from the email. Another way is to include a download page on your Web site with a link to the certificate. A corporate-wide solution is to use Internet Explorer Administration Kit (IEAK) to push a customer Internet Explorer browser with the root CA certificate already installed into the Trusted Root CA list. However you choose to make the certificate available, one thing stays the same: the way you install the certificate into the Trusted Root CA list in Internet Explorer, as this appendix demonstrates.

NOTE: The certificate must be installed in order for Internet Explorer to trust that your site certificate is not the certificate that you just created but rather the root CA certificate, which was created when you installed Certificate Server.

For the purposes of this document, download the certificate by using the Certificate Servers Web interface, which is located at http:// <YourServerName> /CertSrv/. After you have arrived at the Welcome page, select Retrieve the CA certificate or certificate revocation list, and then click Next.

You now have two choices:

• Install this CA certification path. If you are installing the root CA certificate into the browser you are currently connected with, click the Install this CA certification path link, and it automatically installs the root CA certificate into the Trusted Root CA list in your Internet Explorer browser.
  
  After the installation is complete, you receive a confirmation page.
  
  -or-
• Download CA certificate. If you need to install the root CA certificate in any other Internet Explorer browser's root CA list, you can download it and install it as follows:

1.       Click Download CA certificate.

2.       Select Save the file to disk.

3.       Go to the location where you saved the root CA certificate, and double-click the certificate to open the Properties sheet for that certificate.

4.       Click Install Certificate to start the Certificate Import Wizard. Click Next to continue.

5.       Select Place all certificates in the following store.

6.       Click Browse and select Trusted Root Certification Authorities. Click Next.

7.       Verify the settings and then click Finish.

You receive the following message:

The import was successful.

8.       Click OK to dismiss this message, and then click OK to close the Properties sheet.

To check if you get the trusted root CA warning again, close and reopen your browser, and then go to the following Web site:

https:// <MySecureWebsite> /Postinfo.html

You have successfully added your root CA to the Trusted Root CA list in your Internet Explorer browser.

NOTE: The Postinfo.html page is a standard HTML page that is found in the root of default web site.