This site requires JavaScript to be enabled
An updated version of this article is available

How to install Fermilab CA certificates on Windows computers

22 views

4.0 - Last modified on 2021-02-12 Revised by Carlos Salazar (Inactive)

3.0 - Last modified on 2020-11-20 Revised by Fang Wang

2.0 - Last modified on 2020-11-03 Revised by Fang Wang

1.0 - Created on 2018-11-26 Authored by Marcia Teckenbrock

 

Intended for:

 Windows users who need to install Fermilab CA certificates to use VPN or certain other applications.

 


Scenario/Use case:

Individual needs to install two Fermilab CA certificates so they may use VPN or other applications on their non-centrally managed Windows computer.  

 


Instructions:

NOTE: You must download and install two certificates, the Root CA and Fermi CA.

Windows

 

  1. In your browser, go to https://authentication.fnal.gov/certs

  2. Under “Individual files for each CA,” tap DER to download the Root CA certificate. The  Certificate Import Wizard should guide you through the remaining installation steps.  If not,  proceed to step 2.1.

    2.1 If installation does not start automatically, locate the just downloaded file, Fermilab_Root_CA.cer, (it will likely be in the Downloads folder.) Click on the file name to start installation. If asked, select the desired option for your computer, either Current User or Local Machine

  3. On the “Certificate Store” screen, select Place all certificates in the following store, and in the pop-up window, select Trusted Root Certificate Authorities.

    Warning
    NOTE: If you select all defaults during installation, it is likely that the new certificate will be placed in the Intermediate Certificate Authorities store.  You must copy or move it to the Trusted Certificate Authorities store using the Microsoft Management Console (MMC).

  4. You can move certificates between stores using Microsoft Management Console (MMC) tool that can be started from the command prompt.  In the command prompt, type mmc. Add the “Certificates” Snap-in to see all certificates stores and installed certificates.

Your certificates should now be installed. If you were installing these certificates to use with the VPN and need to install the VPN on your Windows machine please use this link for the VPN installation instructions.

In the example section further below, see snapshots of the installation in a Windows 8.1.0 computer.

 


 See Also:

 

Fermilab CA certificates – what they are and why you need them

How to install Fermilab CA certificates on mobile devices iOS & Android

How to install Fermilab CA certificates on Linux

 

 


Example (Windows 8.1.0):

 

  1. In your browser, go to https://authentication.fnal.gov/certs



  2. Under “Individual files for each CA,” tap DER to download the Root CA certificate. The  Certificate Import Wizard should guide you through the remaining installation steps.  If not, proceed to step 2.1.

    2.1 If installation does not start automatically, locate the just downloaded file, Fermilab_Root_CA.cer, (it will likely be in the Downloads folder.) Click on the file name to start installation. If asked, select the desired option for your computer, either Current User or Local Machine

    Search downloads

    Certificate import wizard


    3. On the “Certificate Store” screen, select Place all certificates in the following store, and in the pop-up window, select Trusted Root Certificate Authorities.

    Select certificate store

    Place certs in store


    Install certificate security warning


    Certificate import successful
    Warning
    NOTE: If you select all defaults during installation, it is likely that the new certificate will be placed in the Intermediate Certificate Authorities store.  You must copy or move it to the Trusted Certificate Authorities store using the Microsoft Management Console (MMC).

    4. Repeat Steps 1 through 3, but this time, download the DER file for the Fermilab CA certificate.

    5. You can move certificates between stores using Microsoft Management Console (MMC) tool that can be started from the command prompt.  In the command prompt, type mmc. Add the “Certificates” Snap-in to see all certificates stores and installed certificates.



    VPN test page