Trusting Your Root CA (Windows)

  1. Ensure you have downloaded your Root CA.

  2. Click the "Start" menu, type mmc, and select "Run as administrator" to access the Windows Management Console. When prompted with the "User Account Control" window, select "Yes" to allow this program to run.

    Open MMC

  3. When the Management Console opens, navigate to File > Add/Remove Snap-in.

    Add Snap-in

  4. Select "Certificates" in the left side menu, then "Add". This will open another window.

    Adding a certificate

  5. Select "Computer account" and click "Next". Leave defaulted options on the next screen and click "Finish".

    Computer account

  6. When you return to the "Add or Remove Snap-ins" page, ensure "Certificates (Local Computer)" exists under "Console Root" in the "Selected snap-ins" section, then click "OK".

    Selected Snap-in

  7. In the left hand menu of the Management Console, navigate to Certificates (Local Computer) > Trusted Root Certification Authorities > Certificates.

    Certificates

  8. Right click on the "Certificates" directory, then navigate to All Tasks > Import.

    Import

  9. Click "Next" on the first page of the Certificate Import Wizard, then browse to the location where you saved the downloaded certificate and open it. Then click "Next".

    Import wizard

  10. On the "Certificate Store" window, ensure that it says "Trusted Root Certificate Authorities" and click "Next". Then click "Finish" on the final screen.

    Certificate Store

  11. Select "OK" when the import is successful.

  12. Verify your server's unique <adjective-noun> Local Root CA certificate is in the "Certificates" folder:

    Verify

  13. You can save the console settings (where we added a snap-in), if desired. Your Root CA will remain imported to the CA certificate store either way, and you will likely use this guide if you need to import a new certificate.

  14. If using Firefox or Tor Browser, complete this final step