Forum Discussion
PKI (Public Key Infrastructure) Practical
I am stuck at 8. Install your root certificates in Firefox.
With Firefox I got the error:
This is not a certificate authority certificate, so it can’t be imported into the certificate authority list
With Chromium I get a precise message:
Certification Authority Import Error
The file contained one certificate, which was not imported:
IMLLabPKI.com: Not a Certification Authority
What am I doing wrong?
4 Replies
- KieranRowley
Community Manager
Hi schmitty - welcome to The Human Connection.
Please let me discuss this with the lab author. In the meantime, could you provide a bit more detail about the steps you have taken so far?
- schmitty
Bronze III
It is https://immersivelabs.online/labs/pki/role/technical-fundamentals/series/encoding-and-encryption
It is a walkthrough: create ca.key and ca.crt
Then create myserver.key
With myserver.key a myserver.csr is created
The myserver.csr, with ca.crt and ca.key, is turned into an X509 called myserver.crt
myserver.key is cp to myserver.pem and myserver.crt >> myserver.pem.
With myserver.pem a simple s_server is started with https://IMLLabPKI.com:4433/index.html
Firefox does not know the myserver.pem, so the X509 myserver.crt must be imported, but the browser denies it.
- NyePrior
Immerser
Hey schmitty
Thanks for explaining your steps; it really helped spot where the problem was! You'll need to import the CA certificate you created, not the X509 certificate. As you created your own CA and used it to issue certificates, Firefox must trust the CA for those issued certificates to be trusted, which is why you import ca.crt instead of myserver.crt. Hope this helps!
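The difference between the two files can be checked before touching the browser. The script below is an added example, not part of the thread or the lab's own commands: it rebuilds the ca.crt / myserver.crt chain described above and tests each certificate for the basicConstraints CA flag that the Authorities import requires. File names follow the thread; the subjects, key size, lifetime, config file and function names are assumptions.

```shell
#!/bin/sh
# Added example. File names follow the thread; subjects, key size, lifetime and
# the config file are assumptions, not the lab's own commands.

# True only if the certificate carries basicConstraints CA:TRUE.
is_ca_cert() {
    openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'CA:TRUE'
}

# Build a throwaway root CA and one server certificate under directory $1.
build_lab_pki() {
    dir=$1
    cat > "$dir/lab.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$dir/lab.cnf" \
        -extensions v3_ca -subj "/CN=Lab Root CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -config "$dir/lab.cnf" \
        -subj "/CN=IMLLabPKI.com" \
        -keyout "$dir/myserver.key" -out "$dir/myserver.csr" 2>/dev/null &&
    openssl x509 -req -in "$dir/myserver.csr" -CA "$dir/ca.crt" \
        -CAkey "$dir/ca.key" -CAcreateserial -days 1 \
        -out "$dir/myserver.crt" 2>/dev/null
}

# True if certificate $2 chains to the root in $1.
chains_to() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

demo=$(mktemp -d)
build_lab_pki "$demo"
for c in ca.crt myserver.crt; do
    if is_ca_cert "$demo/$c"; then
        echo "$c: CA:TRUE, importable as an authority"
    else
        echo "$c: not a CA, rejected by the Authorities import"
    fi
done
chains_to "$demo/ca.crt" "$demo/myserver.crt" && echo "myserver.crt chains to ca.crt"
```

Once ca.crt is trusted, myserver.crt is accepted through the chain and never needs to be imported itself.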