Adding Self-Signed PKI to Windows Trusted Certificate Store

Exporting Certificates from XCA

1. Launch XCA
2. Open the PKI database if it is not already (File > Open DataBase), enter password
3. Click on the Certificates tab
4. Right click the Intermediate CA certificate > Export > File
5. Set the file name with a .crt extension and verify the export format is PEM (*.crt)
6. Click OK
7. Right click the Root CA certificate > Export > File
8. Set the file name with a .crt extension and verify the export format is PEM (*.crt)
9. Click OK

Importing Certificates Into Windows Certificate Store

1. Right click the Start Button > Run
2. Type mmc.exe, press enter
3. Click File > Add/Remove Snap-in...
4. Click Certificates
5. Click Add
6. Select Computer account
7. Click Next
8. Select Local computer
9. Click Finish
10. Click OK
11. Expand Certificates > Trusted Root Certification Authorities
12. Right click the second level Certificates > All Tasks > Import....
13. Click Next
14. Click Browse > Select the exported Root CA .crt file > Click Next
15. Verify Include all extended properties is checked
16. Click Next
17. Click Next
18. Click Finish
19. Expand Certificates > Intermediate Certification Authorities
20. Right click the second level Certificates > All Tasks > Import....
21. Click Next
22. Click Browse > Select the exported Intermediate CA .crt file > Click Next
23. Verify Include all extended properties is checked
24. Click Next
25. Click Next
26. Click Finish