Adding Self-Signed PKI to Windows Trusted Certificate Store 🌱

This is part two of a series on creating your own self-signed PKI and some ways to use that PKI to set up SSL for your web server or create your own OpenVPN server.

Disclaimer: I am not a security expert. This is just the easiest way I have found to create and utilize SSL for my homelab services.

Prerequisites

Exporting Certificates from XCA

  1. Launch XCA
  2. Open the PKI database if it is not already open (File > Open DataBase) and enter the password
  3. Click on the Certificates tab
  4. Right click the Intermediate CA certificate > Export > File
  5. Set the file name with a .crt extension and verify the export format is PEM (*.crt)
  6. Click OK
  7. Right click the Root CA certificate > Export > File
  8. Set the file name with a .crt extension and verify the export format is PEM (*.crt)
  9. Click OK

Importing Certificates Into Windows Certificate Store

  1. Right click the Start Button > Run
  2. Type mmc.exe, press enter
  3. Click File > Add/Remove Snap-in...
  4. Click Certificates
  5. Click Add
  6. Select Computer account
  7. Click Next
  8. Select Local computer
  9. Click Finish
  10. Click OK
  11. Expand Certificates > Trusted Root Certification Authorities
  12. Right click the second level Certificates > All Tasks > Import...
  13. Click Next
  14. Click Browse > Select the exported Root CA .crt file > Click Next
  15. Verify Include all extended properties is checked
  16. Click Next
  17. Click Next
  18. Click Finish
  19. Expand Certificates > Intermediate Certification Authorities
  20. Right click the second level Certificates > All Tasks > Import...
  21. Click Next
  22. Click Browse > Select the exported Intermediate CA .crt file > Click Next
  23. Verify Include all extended properties is checked
  24. Click Next
  25. Click Next
  26. Click Finish
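
The same import can be scripted from an elevated PowerShell prompt. The following is an added example, not part of the original walkthrough: it checks each exported file against a known fingerprint and confirms it is a CA certificate before placing it in the Local Computer stores used in the steps above. The file paths, the fingerprint placeholders and the two function names are assumptions; substitute the files exported from XCA and the SHA-1 fingerprints recorded for your own CA certificates.

```powershell
#Requires -RunAsAdministrator
using namespace System.Security.Cryptography.X509Certificates
# Added example. Paths and fingerprints below are placeholders (assumptions),
# not values from the article; the script fails closed until they are replaced.
$RootPath = 'C:\certs\root-ca.crt'           # exported Root CA (PEM)
$IntPath  = 'C:\certs\intermediate-ca.crt'   # exported Intermediate CA (PEM)
$RootSha1 = '<ROOT-CA-SHA1-FINGERPRINT>'
$IntSha1  = '<INTERMEDIATE-CA-SHA1-FINGERPRINT>'

function Get-VerifiedCaCertificate {
    param([string]$Path, [string]$ExpectedSha1)
    $full = (Resolve-Path -LiteralPath $Path).ProviderPath
    $cert = [X509Certificate2]::new($full)
    # Normalise "AA:BB:..." or "aa bb ..." to the form used by .Thumbprint
    $want = ($ExpectedSha1 -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($cert.Thumbprint -ne $want) {
        throw "Fingerprint mismatch for ${Path}: got $($cert.Thumbprint)"
    }
    # Refuse anything not marked as a CA in the Basic Constraints extension
    $bc = $cert.Extensions | Where-Object { $_ -is [X509BasicConstraintsExtension] }
    if (-not $bc -or -not $bc.CertificateAuthority) { throw "$Path is not a CA certificate" }
    return $cert
}

function Add-ToMachineStore {
    param([X509Certificate2]$Cert, [string]$StoreName)
    $store = [X509Store]::new($StoreName, [StoreLocation]::LocalMachine)
    $store.Open([OpenFlags]::ReadWrite)
    # Add the object that was verified, so the file is not read a second time
    try { $store.Add($Cert) } finally { $store.Close() }
}

$root = Get-VerifiedCaCertificate -Path $RootPath -ExpectedSha1 $RootSha1
$int  = Get-VerifiedCaCertificate -Path $IntPath  -ExpectedSha1 $IntSha1

# The root must be self-issued and the intermediate must name the root as issuer
if ($root.Subject -ne $root.Issuer) { throw 'Root CA file is not self-issued' }
if ($int.Issuer  -ne $root.Subject) { throw 'Intermediate CA was not issued by this root' }

Add-ToMachineStore -Cert $root -StoreName 'Root'  # Trusted Root Certification Authorities
Add-ToMachineStore -Cert $int  -StoreName 'CA'    # Intermediate Certification Authorities

# Confirm both certificates landed in the intended stores
Get-ChildItem Cert:\LocalMachine\Root, Cert:\LocalMachine\CA |
    Where-Object { $_.Thumbprint -in $root.Thumbprint, $int.Thumbprint } |
    Format-Table PSParentPath, Subject, Thumbprint -AutoSize
```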