FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
FortiKoala
Staff
Article Id 193118

Description

 

This article describes how to view the currently installed root certificates on a host. In order for SSL certificates to be trusted, the end station must have a root certificate for the issuing Certificate Authority (CA). 

Third-party CA root certificates are typically installed/updated on the host via OS updates.

Internal CA root certificates are installed/updated on the host (Local Computer) via Group Policy, Software Management Distribution program or manually.
 
Scope

 

FortiNAC.

Solution

 
To view the list of trusted CAs on a Windows local machine:
 
Note: The user must be in the Administrator role in order to view certificates in the local machine store.
 
  1. In the Start menu search bar, type 'mmc' and press the ENTER key.
  2. If prompted to allow changes to be made to the machine, select YES.
  3. Under the File menu, select Add/Remove Snap In.
  4. In the Add or Remove Snap-ins dialog box: under Available snap-ins, select Certificates.
  5. Select Add.
  6. In the Certificates snap-in dialog box, select Computer account and select Next.
  7. In the Select Computer dialog box, select Finish. (The local computer should be selected by default.)
  8. On the Add/Remove Snap-ins dialog box, select OK.
  9. In the Console Root window, select Certificates (Local Computer) to view the certificate stores for the computer.
  10. To view the root certificates already installed on the local machine, select Certificates (Local Computer) -> Trusted Root Certification Authorities -> Certificates.
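
A scripted equivalent of the MMC steps above, as an added example that is not part of the original article: it reads the Local Computer Trusted Root Certification Authorities store from PowerShell, confirms whether the issuing CA's root is present, and flags expired or soon-to-expire roots. The `CaNameFilter` and `WarnDays` parameters are assumptions introduced for illustration.

```powershell
# Added example (not from the original article).
# Lists root certificates in the Local Computer store and reports their validity.
param(
    # Hypothetical filter: part of the issuing CA's subject (e.g. an internal CA name).
    # Empty string matches every root certificate.
    [string]$CaNameFilter = '',
    # Roots that expire within this many days are flagged as ExpiringSoon.
    [int]$WarnDays = 30
)

$now = Get-Date

# Cert:\LocalMachine\Root is the store shown in MMC as
# Certificates (Local Computer) -> Trusted Root Certification Authorities.
$roots = Get-ChildItem -Path Cert:\LocalMachine\Root |
    Where-Object { $_.Subject -like "*$CaNameFilter*" }

$report = foreach ($cert in $roots) {
    if ($cert.NotAfter -lt $now) {
        $status = 'Expired'
    } elseif ($cert.NotBefore -gt $now) {
        $status = 'NotYetValid'
    } elseif ($cert.NotAfter -lt $now.AddDays($WarnDays)) {
        $status = 'ExpiringSoon'
    } else {
        $status = 'Valid'
    }

    [pscustomobject]@{
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
        # A root CA certificate is normally self-signed (Subject equals Issuer).
        SelfSigned = ($cert.Subject -eq $cert.Issuer)
        Status     = $status
    }
}

if (-not $report) {
    # The host has no root for the issuing CA, so certificates it issued will not be trusted.
    Write-Warning "No root certificate matching '$CaNameFilter' found in Cert:\LocalMachine\Root."
} else {
    $report | Sort-Object NotAfter | Format-Table -AutoSize
}
```
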

To view the list of trusted CAs on a Mac OSX machine:
 
  1. In Finder, search for Keychain Access.
  2. Navigate to the folder System Roots.
 
See the following Apple support articles for Mac OS certificate requirements:

TLS server certificates must present the DNS name of the server in the Subject Alternative Name extension of the certificate. DNS names in the CommonName of a certificate are no longer trusted. In other words, the certificate CN must be added to the SAN; otherwise, it will not be trusted by Mac OS.