How to install Fermilab CA certificates on Windows computers
Intended for:
Windows users who need to install Fermilab CA certificates to use VPN or certain other applications.
Scenario/Use case:
Individual needs to install two Fermilab CA certificates so they may use VPN or other applications on their non-centrally managed Windows computer.
Instructions:
NOTE: You must download and install two certificates, the Root CA and Fermi CA.
Windows
- In your browser, go to https://authentication.fnal.gov/certs.
- Under “Individual files for each CA,” tap DER to download the Root CA certificate. The Certificate Import Wizard should guide you through the remaining installation steps. If not, proceed to step 2.1.
a. If installation does not start automatically, locate the just downloaded file, Fermilab_Root_CA.cer, (it will likely be in the Downloads folder.) Click on the file name to start installation. If asked, select the desired option for your computer, either Current User or Local Machine. - On the “Certificate Store” screen, select Place all certificates in the following store, and in the pop-up window, select Trusted Root Certificate Authorities.
NOTE: If you select all defaults during installation, it is likely that the new certificate will be placed in the Intermediate Certificate Authorities store. You must copy or move it to the Trusted Certificate Authorities store using the Microsoft Management Console (MMC). - You can move certificates between stores using Microsoft Management Console (MMC) tool that can be started from the command prompt. In the command prompt, type mmc. Add the “Certificates” Snap-in to see all certificates stores and installed certificates.
Your certificates should now be installed. If you were installing these certificates to use with the VPN and need to install the VPN on your Windows machine please use this link for the VPN installation instructions.
In the example section further below, see snapshots of the installation in a Windows 8.1.0 computer.
Example (Windows 8.1.0):
- In your browser, go to https://authentication.fnal.gov/certs.
- Under “Individual files for each CA,” tap DER to download the Root CA certificate. The Certificate Import Wizard should guide you through the remaining installation steps. If not, proceed to step a.
a. If installation does not start automatically, locate the just downloaded file, Fermilab_Root_CA.cer, (it will likely be in the Downloads folder.) Click on the file name to start installation. If asked, select the desired option for your computer, either Current User or Local Machine.
3. On the “Certificate Store” screen, select Place all certificates in the following store, and in the pop-up window, select Trusted Root Certificate Authorities.
NOTE: If you select all defaults during installation, it is likely that the new certificate will be placed in the Intermediate Certificate Authorities store. You must copy or move it to the Trusted Certificate Authorities store using the Microsoft Management Console (MMC).
4. Repeat Steps 1 through 3, but this time, download the DER file for the Fermilab CA certificate.
5. You can move certificates between stores using Microsoft Management Console (MMC) tool that can be started from the command prompt. In the command prompt, type mmc. Add the “Certificates” Snap-in to see all certificates stores and installed certificates.
See Also:
Fermilab CA certificates – what they are and why you need them
How to install Fermilab CA certificates on mobile devices iOS & Android
How to install Fermilab CA certificates on Linux