Install the Certificate Authority

Owned by Harish Agrawal
Last updated: Apr 06, 2022

Copied from https://www.dionysopoulos.me/forge-your-own-ssl-certificates-for-local-development.html#Install_the_Certificate_Authority_529

Install the Certificate Authority

All browsers share an operating system level certificate authority store. This means that adding our CA Root certificate on one browser will make it available on all browsers on your system, as well as other application. There are a few exceptions to that rule. Firefox does its own thing, so you MUST add the Root CA certificate to it separately. Moreover, some applications will not use the OS-wide CA store, e.g. Bash on Ubuntu on Windows, CLI tools like cURL and scripting languages such as PHP (which expect you to configure your own CA cache). The following instructions deal with web browsers only and only for the three major desktop operating systems. Adding CA roots to mobile OS ranges from almost impossible at worst to very complicated at best. If you need it (you develop mobile apps), you know how to do it.

Windows (Chrome, Opera, Internet Explorer, Microsoft Edge)

  • Press the Windows key and R at the same time

  • Type certmgr.msc and press ENTER

  • You’ll get the UAC dialog. Click on Yes.

  • Double click on the Trusted Root Certification Authorities folder entry. You now see a Certificates folder entry.

  • Right click on the Certificates folder entry, choose All Tasks, Import.

  • Select the Root CA certificate file you created, stored in c:\Apache24\ca\certs\ca.cert.pem

  • You are asked about the certificate store, confirm it’s Trusted Root Certification Authorities.

  • Accept everything and close all dialogs.

  • Close and restart all browsers.

Firefox (all Operating Systems)

Unlike other browsers, Firefox uses its own certificate authority store. We need to add our CA root there:

  • Click on the hamburger menu, Options

  • Click on Advanced, then on the Certificates tab

  • Click on the View Certificates button

  • Click on the Authorities tab, then on the Import button

  • Select the Root CA certificate file you created, stored in c:\Apache24\ca\certs\ca.cert.pem

  • You see check boxes about the intended trust, select all of them.

  • Accept everything and close all dialogs.

  • Close and restart the browser.

Linux (Google Chrome and Opera)

  • Go to Chrome settings, Show advanced settings, HTTPS/SSL, Manage Certificates.

  • Now click on the Authorities or Trusted Root Certification Authorities tab depending on your operating system.

  • Click the Import button.

  • Select the Root CA certificate file you created, stored in c:\Apache24\ca\certs\ca.cert.pem

  • You see check boxes about the intended trust, select all of them.

  • Accept everything and close all dialogs.

  • Close and restart the browser.

macOS (All browsers except Firefox)

  • Open the “KeyChain Access” and choose “System KeyChain” and “Import File”

  • Alternatively, double click the certificate on your desktop. You will be asked to enter your macOS password.

  • Add the certificate to the System keychain, not the Login keychain.

  • Double click on the certificate you just added in Keychain Access.

  • Expand the Trust section.

  • Set When using this certificate to Always Trust.

  • Restart all your browsers

Especially for Chrome, remember that it never really quits. It lingers in the background. You need to press CMD-Q twice in an open Google Chrome window to really quit it. If the instructions seem to not be working try logging off and logging back on.