Windows 7 will not install a root certificate

certificateimportsslwindows 7

I have a web service that uses a self-signed certificate, so I need to install the certificate as a Trusted Root so that I can avoid all the security errors that having a self-signed certificate brings with it.

Using Windows 7, I'm going to:

Start > Internet Explorer > Run as Administrator > Tools > Internet Options > Content > Certificates > Trusted Root Certification Authorities > Import > (select file) > Next > OK, and Windows reports Import Successful

However, the import is NOT successful. The certificate does not show in the list of trusted roots, and certificate errors still show up.

If I import the certificate into the Trusted Publishers container, it imports correctly, but this does not solve my security errors.

Any ideas?

Best Answer

Thanks to the link posted by harrymc, I spent almost a day investigating this problem and figured out it was Windows Server 2008 default domain policy.

I suspect this problem only applies to Windows PC in a domain network environment. The default domain policy doesn't allow user to install additional certificate to Trusted Root Certification Authorities, but the worst thing is if you tried Windows 7 will still say "Import Successfull" anyway.

If you want to check whether your domain policy allow you to install certificate to Trusted Root Certification Authority, when importing the cert via certmgr.msc manually select the store and tick 'Show physical stores'. You should be able to place the cert into Trusted Root Certification Authorities\Local Computer

enter image description here

If you can't see above, then it has to be enabled via group policy editor on your Windows Server Domain Controller (client PC restart is required for it to take effect):

enter image description here