Import a certificate into Windows
Import a CA certificate into the certificate keystore of a Windows machine
The importcert.py script can be used to import a certificate into the keystore of a Windows server or client machine in order to authenticate TLS communications.
Note
These optional steps need not be completed before importing the certificate, but they must be completed before testing the certificate.
Use one of the following methods to import a certificate:
Open an Administrator command prompt by clicking the Start button, typing "cmd", and selecting "Run as administrator".
Note
The script will exit with a warning if it is not run with Administrator privileges.
At the command prompt, navigate to <faircom>\tools\certman\
Execute
python importcert.pyThe script will detect the key-pair that you previously created and ask:
Would you like to import the certificate at Certs\Expires_On_2034-08-12\ca.crt?If you respond "yes", you are prompted to "Press ENTER to proceed".
If you respond "no", you are prompted for the public key filename (ca.crt in our example) to import.
The import was successful and the certificate was added to the keystore.
Click the Start button and enter "certificate".
Open "Manage user certificates"
Open the "Trusted Root Certification Authorities" folder.
Open the "Certificates" folder.
From the "Action" menu select "All Tasks" and click the "Import…" option.
Browse to find and select the CA certificate you wish to import, then click "Next".
Leave the Certificate store as "Trusted Root Certification Authorities" and click "Next"
Click "Finish"
A pop-up appears saying "The import was successful."
The import was successful and the certificate was placed in the certificate keystore.
Open "Manage user certificates"
Confirm that the imported certificate is in the "Certificates" folder underneath the "Trusted Root Certification Authorities" folder:
Test the connection using one of the following methods:
Note
Before testing, you must create a server certificate that is signed by the CA certificate you just imported and configure the FairCom server to use the server certificate.
Connect to the FairCom server.
After importing the new CA certificate, Chrome may still show an insecure connection.
This is usually caused by performing the import while Chrome is running. If you close all Chrome windows and relaunch them it should trigger a refresh of the list of trusted CA certificates. However, Chrome has at least one option that may cause it to remain running in the background after closing all windows. To force Chrome to restart, save all of your work and in the address bar enter
chrome://restart.When Chrome shows a secure connection icon to the left of the address, click the icon and you should see "Connection is secure".
Python version 3.7 and later can access the OS certificate keystore. This support may be library dependent. Follow these steps to test with the "requests" library
Install the pip-system-certs package:
pip install pip-system-certs
Run these two lines of code (change 127.0.0.1 to the address of your server):
import requests print( requests.Session().post( "https://127.0.0.1:8443/api", data = '{"api": "admin","action": "pingSession"}' ).json() )A successful run will show the following:
{'errorCode': 0, 'errorMessage': ''}