Importing Trusted CA Certificates into the Windows Certificate Store


In order for GridFTP.NET and GRAM.NET to be able to verify the certificates of remote servers and/or clients, the Windows Certificate Store must be properly configured with the CA certificates you have chosen to trust (this is similar to setting up the /etc/grid-security/certificates directory for GT4). To import CA certificates into the Windows Certificate Store, it’s easiest if they are PEM-encoded with a .cer extension.


If you are trying to import certificates from GT4 or OpenSSL, they should be in the correct format, but will be named something like cert_hash.0 (for example 6d8bc02b.0). If you change the file extension from .0 to .cer, Windows should be able to recognize them.


Once your certificates have the proper extension, you can use the Microsoft Management Console (MMC) to import them into the Windows Certificate Store. To launch this tool, take the following steps:

  1. From the Start Menu, click Run… and type mmc
  2. In MMC, choose File -> Add/Remove Snap-in… and click the Add button
  3. Select Certificates from the list of snap-ins and click Add.
  4. Trusted CA certificates should go in the Local Computer store, so choose the Computer Account radio button. Click Next and then Finish.


Once you have added the Certificates snap-in, your MMC console should look something like this:



Right click on the Trusted Root Certification Authorities folder and choose All Tasks -> Import… to bring up the Certificate Import Wizard.


The Certificate Import Wizard will walk you through the process of selecting a certificate file and adding it to the store.


You can then repeat this process as needed to add more trusted CA certificates to the store.
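
The rename and import steps above can also be scripted when there are many CA files. The following PowerShell script is an added example, not part of the original page or of GridFTP.NET/GRAM.NET; it assumes an elevated prompt, the built-in Import-Certificate cmdlet, and a hypothetical source folder C:\grid-certs holding the hash-named files.

```powershell
# Added example, not from the original page. Run from an elevated prompt.
param(
    [string]$SourceDir = 'C:\grid-certs',   # assumed folder of hash-named CA files (e.g. 6d8bc02b.0)
    [switch]$Import                          # without this switch the script only reports
)
$store = 'Cert:\LocalMachine\Root'           # Local Computer > Trusted Root Certification Authorities

foreach ($file in Get-ChildItem -Path $SourceDir -Filter '*.0') {
    # Copy 6d8bc02b.0 to 6d8bc02b.cer so Windows recognizes the file type
    $cer = [System.IO.Path]::ChangeExtension($file.FullName, '.cer')
    Copy-Item -Path $file.FullName -Destination $cer -Force

    try {
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $cer
    } catch {
        Write-Warning "$($file.Name): not a readable certificate, skipped"
        continue
    }

    # A trusted root should be a CA certificate that is still valid
    $bc = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
    }
    $isCA    = (-not $bc) -or $bc.CertificateAuthority   # old v1 roots carry no basic constraints
    $expired = $cert.NotAfter -lt (Get-Date)
    $present = Test-Path -Path "$store\$($cert.Thumbprint)"

    # Report what was found so it can be reviewed before anything is trusted
    [pscustomobject]@{
        File       = $file.Name
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint
        SelfSigned = ($cert.Subject -eq $cert.Issuer)
        IsCA       = $isCA
        NotAfter   = $cert.NotAfter
        InStore    = $present
    }

    # Import only CA certificates that are unexpired and not already in the store
    if ($Import -and $isCA -and -not $expired -and -not $present) {
        Import-Certificate -FilePath $cer -CertStoreLocation $store | Out-Null
    }
}
```

Run it once without -Import and compare each subject and thumbprint with the values published by the CA you intend to trust, then rerun with -Import.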