Project

General

Profile

FirefoxImportCACertificates » History » Version 12

Lutz Suhrbier, 07/20/2009 02:39 PM

1 1 Lutz Suhrbier
2 2 Lutz Suhrbier
# Firefox: How to import CA certificates
3
4
The following sections will guide you through all necessary steps to import the certificates of the [EDIT WP 5.7 Certification Authority](http://dev.e-taxonomy.eu/trac/wiki/WP57CertificationAuthority.)
5
6
7 11 Lutz Suhrbier
Once you have successfully installed the certificates of the **EDIT WP 5.7 RootCA** and the **EDIT WP 5.7 ServerCA*, you should never see error messages like *Secure Connection failed** or **Connection is untrusted** when accessing EDIT web sites using certificates issued by the [EDIT WP 5.7 Certification Authority](http://dev.e-taxonomy.eu/trac/wiki/WP57CertificationAuthority.)
8 3 Lutz Suhrbier
9
10 9 Lutz Suhrbier
 **Note:** You MUST proceed the following steps for BOTH certificates.
11 3 Lutz Suhrbier
12 9 Lutz Suhrbier
13
14 3 Lutz Suhrbier
## Step 1: Download certificates
15
16
Before starting the certificate installation procedure, you will need to store the certificate files on your computer. Please, download the files from **both** following links:
17
18
* [EDIT WP 5.7 RootCA](http://dev.e-taxonomy.eu/trac/attachment/wiki/WP57CertificationAuthority/EDIT-WP5.7-cacert.pem?format=raw)
19
20
* [EDIT WP 5.7 ServerCA](http://dev.e-taxonomy.eu/trac/attachment/wiki/WP57CertificationAuthority/EDIT-WP5.7-ServerCA-cacert.pem?format=raw)
21
22 1 Lutz Suhrbier
23
24 9 Lutz Suhrbier
## Step 2: Select the certificate file to be imported
25 1 Lutz Suhrbier
26 9 Lutz Suhrbier
* Open your Firefox Browser
27 1 Lutz Suhrbier
28 10 Lutz Suhrbier
* For Windows users: Select the entry _Options_ from the _Tools_ menu
29 9 Lutz Suhrbier
30 10 Lutz Suhrbier
* For Linux users: Select the entry _Options_ from the _EDIT_ menu
31 9 Lutz Suhrbier
32
 
33 7 Lutz Suhrbier
[!Firefox-Tools-Optionspng|align=center!]
34
35 1 Lutz Suhrbier
36 9 Lutz Suhrbier
* Select the menu item _Advanced_
37 7 Lutz Suhrbier
38 9 Lutz Suhrbier
* Select the tab _Encryption_
39 7 Lutz Suhrbier
40 9 Lutz Suhrbier
* Push the button _View Certificates_
41 7 Lutz Suhrbier
42 9 Lutz Suhrbier
43 7 Lutz Suhrbier
[!Firefox-Options-ViewCertificatespng|align=center!]
44 1 Lutz Suhrbier
45
46 9 Lutz Suhrbier
* Select the tab _Authorities_
47 1 Lutz Suhrbier
48 9 Lutz Suhrbier
* Push the button _Import_
49 1 Lutz Suhrbier
50 9 Lutz Suhrbier
 **Note:** Be sure that you have selected the tab _Authorities_ first !
51 7 Lutz Suhrbier
52 9 Lutz Suhrbier
53 1 Lutz Suhrbier
[!Firefox-CertificateManager-Importpng|align=center!]
54
55 7 Lutz Suhrbier
56 9 Lutz Suhrbier
* Go to the directory where you saved the downloaded certificate files
57 7 Lutz Suhrbier
58 12 Lutz Suhrbier
* Select the file **EDIT-WP5.7-cacert.pem** or **EDIT-WP5.7-ServerCA-cacert.pem** respectively.
59 7 Lutz Suhrbier
60 1 Lutz Suhrbier
61 7 Lutz Suhrbier
[!Firefox-CertificateManager-SelectFileImportpng|align=center!]
62 1 Lutz Suhrbier
63 7 Lutz Suhrbier
64 1 Lutz Suhrbier
65 9 Lutz Suhrbier
## Step 2: Verify the CA certificate
66 7 Lutz Suhrbier
67 9 Lutz Suhrbier
Before you import an EDIT CA certificate, you MUST be sure you can trust it. This can be done by examining the CA certificate fingerprints and compare them with the fingerprints published by the [EDIT WP 5.7 Certification Authority](http://dev.e-taxonomy.eu/trac/wiki/WP57CertificationAuthority)
68 7 Lutz Suhrbier
69 9 Lutz Suhrbier
* Push the button _View_
70
71 1 Lutz Suhrbier
[!Firefox-CertificateManager-DownloadCertificate-Viewpng|align=center!]
72 7 Lutz Suhrbier
73
74 9 Lutz Suhrbier
* Compare the SHA1 and/or MD5 fingerprint with the relating fingerprints published by [EDIT WP 5.7 Certification Authority](http://dev.e-taxonomy.eu/trac/wiki/WP57CertificationAuthority) for **EDIT WP 5.7 RootCA** or **EDIT WP 5.7 ServerCA** respectively.
75 7 Lutz Suhrbier
76 1 Lutz Suhrbier
[!Firefox-CertificateViewerpng|align=center!]
77 7 Lutz Suhrbier
78
79 9 Lutz Suhrbier
* Use a second browser window and open [EDIT WP 5.7 Certification Authority](http://dev.e-taxonomy.eu/trac/wiki/WP57CertificationAuthority) to see the fingerprints
80 1 Lutz Suhrbier
81
[!Firefox-CAFingerprintspng|align=center!]
82
83
84 9 Lutz Suhrbier
* Go back to the windows _Certificate Viewer_ and push the button _Close_
85 1 Lutz Suhrbier
86
87 7 Lutz Suhrbier
88 9 Lutz Suhrbier
## Step 3: Confirm the import of the CA certificate
89
90 10 Lutz Suhrbier
 **Note:** Proceed only, if the fingerprints are identical. Otherwise, inform the editsupport@bgbm.org EDIT Support Team **immediately** !
91 9 Lutz Suhrbier
92
* Mark the entry "_Trust this CA to identify web sites_"
93
94
* Push the button _OK_
95
96 1 Lutz Suhrbier
[!Firefox-CertificateManager-DownloadCertificate-OKpng|align=center!]
97
98
99
100 9 Lutz Suhrbier
## Step 4: Import the second CA certificate
101 1 Lutz Suhrbier
102 9 Lutz Suhrbier
You will need to import both CA certificate files, in order to have installed the full certificate chain into the browser. The browser needs the chain to successfully verify the identity of a web server presenting a web server certificate issued by the [EDIT WP 5.7 Certification Authority](http://dev.e-taxonomy.eu/trac/wiki/WP57CertificationAuthority)
103
104
* Repeat step 2 and 3, but select the second certificate file (_EDIT-WP5.7-ServerCA-cacert.pem_ or _EDIT-WP5.7-cacert.pem_ respectively) 
105
106
107
## Step 5: Check the existence of both CA Certificates
108
109
* Be sure, that the tab _Authorities_ is always selected
110
111 10 Lutz Suhrbier
* Look for the term _European Distributed Institute of Taxonomy (EDIT)_ within the list of certificates
112 9 Lutz Suhrbier
113
* If you can see both EDIT CA certificates below the term mentioned above, everything is OK
114
115 10 Lutz Suhrbier
* Otherwise, repeat carefully steps 1-4 or contact the editsupport@bgbm.org EDIT Support Team
116 7 Lutz Suhrbier
117
[!Firefox-CertificateManager-EDIT-OKpng|align=center!]