Importing Root Certificates
When you create your own certificate authority (CA), the root certificate is self-signed; therefore, no browser will trust it by default. In other words, any browser connecting to FlowForce Server will still display a warning like "This site is not trusted". In order for an HTTP client (such as a browser) to trust your self-signed certificate, the certificate must be imported as follows:
• Into the operating system's trusted certificates store, if the browser uses it. On Windows, for example, Google Chrome and Microsoft Edge use the operating system's certificate store while Mozilla Firefox uses its own store. On Linux, both Google Chrome and Mozilla Firefox use their own certificate store (see next item). On Mac, Safari uses the operating system's certificate store (Keychain Access).
• Into the trusted certificates store of the browser itself.
Note
• This step must be performed for each client machine (or browser, if applicable) that will access FlowForce Server.
• When you enable SSL encryption between FlowForce Web Server and FlowForce Server, it is not sufficient to import the certificate into the browser. Your self-signed root CA certificate must be trusted by the operating system.
Linux
On Linux, you can import a trusted certificate into the system's certificate store as shown below.
Perform the following steps only if you are sure of the authenticity of the certificate you want to trust.
On Debian and Ubuntu, follow the steps below:
1. Copy the certificate file of the Web server to the following directory:
sudo cp /home/downloads/server_cert.crt /usr/local/share/ca-certificates/
2. Update the certificate store as follows:
sudo update-ca-certificates
On CentOS, follow the steps below:
1. Install the ca-certificates package:
yum install ca-certificates
2. Enable the dynamic certificate authority configuration feature:
update-ca-trust enable
3. Copy the server certificate to the following directory:
cp server_cert.crt /etc/pki/ca-trust/source/anchors/
4. Use the command:
update-ca-trust extract
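The authenticity check that the steps above depend on can be run before the copy step. The following is an added example, not part of the FlowForce Server documentation: a shell function that accepts a certificate only if it is PEM-encoded, is marked CA:TRUE, and matches a SHA-256 fingerprint obtained out of band from whoever created the CA. The function names, and the assumption that your root certificate carries CA:TRUE, are illustrative.

```shell
# Added example (not from the product documentation): pre-import checks
# for a root CA certificate. Requires the openssl command-line tool.

# Print the SHA-256 fingerprint as lowercase hex without colons.
cert_sha256() {
    openssl x509 -inform PEM -in "$1" -noout -fingerprint -sha256 2>/dev/null |
        cut -d= -f2 | tr -d ':' | tr 'A-F' 'a-f'
}

# check_ca_cert FILE EXPECTED_SHA256
# EXPECTED_SHA256 is the fingerprint received through a separate, trusted
# channel; colons and upper case are accepted.
# Returns 0 only if every check passes; otherwise prints the reason.
check_ca_cert() {
    local file="$1" expected actual
    expected=$(printf '%s' "$2" | tr -d ': \n' | tr 'A-F' 'a-f')

    if [ ! -r "$file" ]; then
        echo "cannot read $file" >&2; return 1
    fi
    # PEM is the encoding update-ca-certificates expects for .crt files.
    if ! grep -q -- '-----BEGIN CERTIFICATE-----' "$file"; then
        echo "$file is not PEM-encoded" >&2; return 2
    fi
    actual=$(cert_sha256 "$file")
    if [ -z "$actual" ]; then
        echo "$file does not parse as an X.509 certificate" >&2; return 3
    fi
    # Assumption: the file to be trusted is the root CA certificate,
    # so it should be marked CA:TRUE rather than being a leaf certificate.
    if ! openssl x509 -inform PEM -in "$file" -noout -text | grep -q 'CA:TRUE'; then
        echo "$file is not marked CA:TRUE" >&2; return 4
    fi
    if [ "$actual" != "$expected" ]; then
        echo "fingerprint mismatch: got $actual" >&2; return 5
    fi
    echo "OK: $file matches $expected"
}

# Usage with the Debian/Ubuntu steps on this page:
#   check_ca_cert /home/downloads/server_cert.crt "<fingerprint>" &&
#     sudo cp /home/downloads/server_cert.crt /usr/local/share/ca-certificates/ &&
#     sudo update-ca-certificates
```
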
For cases where you need to access the server only through the browser, it is sufficient to import the certificate into the browser certificate store. The exact instructions will vary for each browser. For example, in Firefox 59.0.2, you can do this as follows:
1. Under Options | Privacy & Security, click View Certificates.
2. On the Authorities tab, click Import and browse for the root certificate file created previously.
3. When prompted, select Trust this CA to identify websites.
Mac
On macOS, you can import a trusted certificate into Keychain Access as follows.
1. Run Keychain Access.
2. Click System, and then click Certificates.
3. On the File menu, click Import Items.
4. Browse for the trusted certificate, and click Open.
5. Enter the Keychain Access password when prompted, and then click Modify Keychain.
6. Double-click the certificate, expand the Trust section, and select Always Trust.
Windows
On Windows, you can import a trusted certificate into the system certificates store as follows:
1. Open the Windows certificate store for the computer account, see Accessing Windows Certificate Store.
Perform the following steps only if you are sure of the authenticity of the Web server certificate.
2. Under "Trusted Root Certification Authorities", right-click Certificates, and select All Tasks | Import, and follow the certificate import wizard.
For more information, see https://technet.microsoft.com/en-us/library/cc754489(v=ws.11).aspx.