Restriction: This topic applies only when the Enterprise Server feature is enabled.
To export a certificate from Internet Explorer in the appropriate format, ready for importing into Firefox:
- In Internet Explorer, click
Tools >
Internet options.
- Click the
Content tab, and then double-click
Certificates.
This opens the
Certificates dialog box.
- Click the
Trusted Root Certification Authorities tab and find the certificates marked
VeriSign. There are several notable features of these certificates:
- There are multiple certificates and each one is unique.
- These different types of certificates are used to confirm the trust of different types of identification certificates.
- Some of these certificates have passed their expiry date. However, they are still valid and should be present to prove the
trust path for certificates that were signed during their working life span.
- Some of these certificates are direct replacements for expired or about-to-expire certificates.
- The life of the replacement certificates is typically far longer than that of the original certificates. Replacing certificates
is problematic as it involves a significant amount of manual work and therefore distribution that is not often undertaken.
To avoid the distribution complication it is in the interest of all identification certificate users to use certificates with
a long life.
- Select a certificate and click
Export.
- In Certificate Export Wizard, click
Next.
- Choose the format required by your target browser. If you do not know the format required, you can generate a few of the most
common formats and save them to different files, so that the correct format is available.
Select
DER encoded binary X.509 and click
Next.
- Specify the
%ProgramFiles%\Micro Focus\DemoCA\Verisign (Windows) or
/opt/microfocus/DemoCA/Verisign (UNIX) as the name of the file to export to and click
Next.
- On the final screen notice:
- Export Keys is always "No” when handling CA root certificates.
- Include all certificates in the certification path is always “No” when using file formats that cannot support multiple certificates. When using a server certificate signed
by an intermediate CA you would usually export the complete chain of trust back to the fully trusted CARoot. In this case
we would have chosen a different format at step 6.
- File Format should match the filename extension in most cases,. Although there are times when various subformats such as .p7b and .p7c
are interchanged to aid portability of the generated output file.
- Click
Finish >
OK and the file appears in the chosen directory.
- Close all the open Internet Explorers dialog boxes.