Forum Discussion

schmitty's avatar
schmitty
Icon for Bronze III rankBronze III
3 months ago

PKI (Public Key Infrastructure) Practical

I am stuck at  8. Install your root certificates in Firefox.

with firefox i got the Error :

This is not a certificate authority certificate, so it can’t be imported into the certificate authority list

With Chromium i get a precice message:

Certification Authority Import Error
The file contained one certificate, which was not imported:
IMLLabPKI.com: Not a Certification Authority

What iam doing wrong?

help & support
  • NyePrior's avatar
    NyePrior
    3 months ago

    Hey schmitty

    Thanks for explaining your steps; it really helped spot where the problem was! You'll need to import the CA certificate you created, not the X509 certificate. As you created your own CA and used it to issue certificates, Firefox must trust the CA for those issued certificates to be trusted, which is why you import ca.crt instead of myserver.crt. Hope this helps!

  • KieranRowley's avatar
    KieranRowley
    Icon for Community Manager rankCommunity Manager
    3 months ago

    Hi schmitty - welcome to The Human Connection.

    Please let me discuss this with the lab author. In the meantime, could you provide a bit more detail about the steps you taken so far?

    • schmitty's avatar
      schmitty
      Icon for Bronze III rankBronze III
      3 months ago

      It is https://immersivelabs.online/labs/pki/role/technical-fundamentals/series/encoding-and-encryption

      It is a walktrough:  create ca.key and ca.crt

      Then create myserver.key

      With myserver.key a myserver.csr is created

      the myserver.csr with ca.crt and ca.key is tuned into a X509 called myserver.crt

      myserver.key is cp to myserver.pem and myserver.crt >> myserver.pem.

      with myserver.pem a simple s_server is startet with https://IMLLabPKI.com:4433/index.html

      Firefox does not know the myserver.pem so the X509 myserver.crt muss be imported, but the Browser denies.

      • NyePrior's avatar
        NyePrior
        Icon for Immerser rankImmerser
        3 months ago

        Hey schmitty

        Thanks for explaining your steps; it really helped spot where the problem was! You'll need to import the CA certificate you created, not the X509 certificate. As you created your own CA and used it to issue certificates, Firefox must trust the CA for those issued certificates to be trusted, which is why you import ca.crt instead of myserver.crt. Hope this helps!