FirefoxImportCACertificates » History » Version 12
Lutz Suhrbier, 07/20/2009 02:39 PM
1 | 1 | Lutz Suhrbier | |
---|---|---|---|
2 | 2 | Lutz Suhrbier | # Firefox: How to import CA certificates |
3 | |||
4 | The following sections will guide you through all necessary steps to import the certificates of the [EDIT WP 5.7 Certification Authority](http://dev.e-taxonomy.eu/trac/wiki/WP57CertificationAuthority.) |
||
5 | |||
6 | |||
7 | 11 | Lutz Suhrbier | Once you have successfully installed the certificates of the **EDIT WP 5.7 RootCA** and the **EDIT WP 5.7 ServerCA*, you should never see error messages like *Secure Connection failed** or **Connection is untrusted** when accessing EDIT web sites using certificates issued by the [EDIT WP 5.7 Certification Authority](http://dev.e-taxonomy.eu/trac/wiki/WP57CertificationAuthority.) |
8 | 3 | Lutz Suhrbier | |
9 | |||
10 | 9 | Lutz Suhrbier | **Note:** You MUST proceed the following steps for BOTH certificates. |
11 | 3 | Lutz Suhrbier | |
12 | 9 | Lutz Suhrbier | |
13 | |||
14 | 3 | Lutz Suhrbier | ## Step 1: Download certificates |
15 | |||
16 | Before starting the certificate installation procedure, you will need to store the certificate files on your computer. Please, download the files from **both** following links: |
||
17 | |||
18 | * [EDIT WP 5.7 RootCA](http://dev.e-taxonomy.eu/trac/attachment/wiki/WP57CertificationAuthority/EDIT-WP5.7-cacert.pem?format=raw) |
||
19 | |||
20 | * [EDIT WP 5.7 ServerCA](http://dev.e-taxonomy.eu/trac/attachment/wiki/WP57CertificationAuthority/EDIT-WP5.7-ServerCA-cacert.pem?format=raw) |
||
21 | |||
22 | 1 | Lutz Suhrbier | |
23 | |||
24 | 9 | Lutz Suhrbier | ## Step 2: Select the certificate file to be imported |
25 | 1 | Lutz Suhrbier | |
26 | 9 | Lutz Suhrbier | * Open your Firefox Browser |
27 | 1 | Lutz Suhrbier | |
28 | 10 | Lutz Suhrbier | * For Windows users: Select the entry _Options_ from the _Tools_ menu |
29 | 9 | Lutz Suhrbier | |
30 | 10 | Lutz Suhrbier | * For Linux users: Select the entry _Options_ from the _EDIT_ menu |
31 | 9 | Lutz Suhrbier | |
32 | |||
33 | 7 | Lutz Suhrbier | [!Firefox-Tools-Optionspng|align=center!] |
34 | |||
35 | 1 | Lutz Suhrbier | |
36 | 9 | Lutz Suhrbier | * Select the menu item _Advanced_ |
37 | 7 | Lutz Suhrbier | |
38 | 9 | Lutz Suhrbier | * Select the tab _Encryption_ |
39 | 7 | Lutz Suhrbier | |
40 | 9 | Lutz Suhrbier | * Push the button _View Certificates_ |
41 | 7 | Lutz Suhrbier | |
42 | 9 | Lutz Suhrbier | |
43 | 7 | Lutz Suhrbier | [!Firefox-Options-ViewCertificatespng|align=center!] |
44 | 1 | Lutz Suhrbier | |
45 | |||
46 | 9 | Lutz Suhrbier | * Select the tab _Authorities_ |
47 | 1 | Lutz Suhrbier | |
48 | 9 | Lutz Suhrbier | * Push the button _Import_ |
49 | 1 | Lutz Suhrbier | |
50 | 9 | Lutz Suhrbier | **Note:** Be sure that you have selected the tab _Authorities_ first ! |
51 | 7 | Lutz Suhrbier | |
52 | 9 | Lutz Suhrbier | |
53 | 1 | Lutz Suhrbier | [!Firefox-CertificateManager-Importpng|align=center!] |
54 | |||
55 | 7 | Lutz Suhrbier | |
56 | 9 | Lutz Suhrbier | * Go to the directory where you saved the downloaded certificate files |
57 | 7 | Lutz Suhrbier | |
58 | 12 | Lutz Suhrbier | * Select the file **EDIT-WP5.7-cacert.pem** or **EDIT-WP5.7-ServerCA-cacert.pem** respectively. |
59 | 7 | Lutz Suhrbier | |
60 | 1 | Lutz Suhrbier | |
61 | 7 | Lutz Suhrbier | [!Firefox-CertificateManager-SelectFileImportpng|align=center!] |
62 | 1 | Lutz Suhrbier | |
63 | 7 | Lutz Suhrbier | |
64 | 1 | Lutz Suhrbier | |
65 | 9 | Lutz Suhrbier | ## Step 2: Verify the CA certificate |
66 | 7 | Lutz Suhrbier | |
67 | 9 | Lutz Suhrbier | Before you import an EDIT CA certificate, you MUST be sure you can trust it. This can be done by examining the CA certificate fingerprints and compare them with the fingerprints published by the [EDIT WP 5.7 Certification Authority](http://dev.e-taxonomy.eu/trac/wiki/WP57CertificationAuthority) |
68 | 7 | Lutz Suhrbier | |
69 | 9 | Lutz Suhrbier | * Push the button _View_ |
70 | |||
71 | 1 | Lutz Suhrbier | [!Firefox-CertificateManager-DownloadCertificate-Viewpng|align=center!] |
72 | 7 | Lutz Suhrbier | |
73 | |||
74 | 9 | Lutz Suhrbier | * Compare the SHA1 and/or MD5 fingerprint with the relating fingerprints published by [EDIT WP 5.7 Certification Authority](http://dev.e-taxonomy.eu/trac/wiki/WP57CertificationAuthority) for **EDIT WP 5.7 RootCA** or **EDIT WP 5.7 ServerCA** respectively. |
75 | 7 | Lutz Suhrbier | |
76 | 1 | Lutz Suhrbier | [!Firefox-CertificateViewerpng|align=center!] |
77 | 7 | Lutz Suhrbier | |
78 | |||
79 | 9 | Lutz Suhrbier | * Use a second browser window and open [EDIT WP 5.7 Certification Authority](http://dev.e-taxonomy.eu/trac/wiki/WP57CertificationAuthority) to see the fingerprints |
80 | 1 | Lutz Suhrbier | |
81 | [!Firefox-CAFingerprintspng|align=center!] |
||
82 | |||
83 | |||
84 | 9 | Lutz Suhrbier | * Go back to the windows _Certificate Viewer_ and push the button _Close_ |
85 | 1 | Lutz Suhrbier | |
86 | |||
87 | 7 | Lutz Suhrbier | |
88 | 9 | Lutz Suhrbier | ## Step 3: Confirm the import of the CA certificate |
89 | |||
90 | 10 | Lutz Suhrbier | **Note:** Proceed only, if the fingerprints are identical. Otherwise, inform the editsupport@bgbm.org EDIT Support Team **immediately** ! |
91 | 9 | Lutz Suhrbier | |
92 | * Mark the entry "_Trust this CA to identify web sites_" |
||
93 | |||
94 | * Push the button _OK_ |
||
95 | |||
96 | 1 | Lutz Suhrbier | [!Firefox-CertificateManager-DownloadCertificate-OKpng|align=center!] |
97 | |||
98 | |||
99 | |||
100 | 9 | Lutz Suhrbier | ## Step 4: Import the second CA certificate |
101 | 1 | Lutz Suhrbier | |
102 | 9 | Lutz Suhrbier | You will need to import both CA certificate files, in order to have installed the full certificate chain into the browser. The browser needs the chain to successfully verify the identity of a web server presenting a web server certificate issued by the [EDIT WP 5.7 Certification Authority](http://dev.e-taxonomy.eu/trac/wiki/WP57CertificationAuthority) |
103 | |||
104 | * Repeat step 2 and 3, but select the second certificate file (_EDIT-WP5.7-ServerCA-cacert.pem_ or _EDIT-WP5.7-cacert.pem_ respectively) |
||
105 | |||
106 | |||
107 | ## Step 5: Check the existence of both CA Certificates |
||
108 | |||
109 | * Be sure, that the tab _Authorities_ is always selected |
||
110 | |||
111 | 10 | Lutz Suhrbier | * Look for the term _European Distributed Institute of Taxonomy (EDIT)_ within the list of certificates |
112 | 9 | Lutz Suhrbier | |
113 | * If you can see both EDIT CA certificates below the term mentioned above, everything is OK |
||
114 | |||
115 | 10 | Lutz Suhrbier | * Otherwise, repeat carefully steps 1-4 or contact the editsupport@bgbm.org EDIT Support Team |
116 | 7 | Lutz Suhrbier | |
117 | [!Firefox-CertificateManager-EDIT-OKpng|align=center!] |