Adding ISRG Root X1 on Windows

start
run

  • mmc.exe
    ctrl-M (add/remove snap-in)
    certificates
    add
    my user account
    finish
    OK

OR

  • certmgr.msc (if available)

(browse to) Trusted Root Certificate Authorities
Certificates
(find the cert and delete it)

1 Like

Hi @rg305
I followed your instructions (option 1) and then saved the "console settings". I then restarted the laptop and ran chrome but the issue still persists

Is that where the web server runs?

Hi @rg305
Web server? Sorry, I'm not sure what that is. I'm connecting to the internet via the wifi from my home broadband router.

@mel_mel
Oh! OK.
I was thinking otherwise...
There is a post that does a good job of explaining all that is needed for older Windows PCs.
Let me see if I can find it for you...

@mel_mel
I haven't found the post I'm looking for...
But try this one:

1 Like

Hi @rg305

I have the isrgrootx1 file downloaded from your previous suggestion, but do you know what he means by "and put it on "Third Party Root Certification Authorities"". I couldn't find that option when I click on the file. Thank you for your help!

@mel_mel, you should be able to double click the file and it should show a window with an "Install Certificate ..." option. Choose Local Machine > Next > Automatically select.. > Next > Finish.

Hi @webprofusion

I had done that first time round and got the message "The import was successful" (see post 442). Unfortunately it did nothing to solve the problem.

@mel_mel sorry I'm out of ideas for now. Maybe use Firefox until things settle down a little.

Hi @webprofusion @rg305, I finally found a fix with the help of Stephen Wagner. Are you allowed to post links to other sites on here?

1 Like

Yes, please do!

Great!

Additional help from his Twitter:

"You might have better success with DER [format]. When you add them, add them to the "Computer Account" Certificate store. The 2 Root CAs go in "Trusted Root Certification Authorities" folder, and the Intermediate goes in "Intermediate Certificate Authorities""

Restart Chrome and hey presto! Hope this works for others

1 Like

One error in the linked article: He suggests adding the R3 intermediate to your trust store, but that should never be necessary.

2 Likes

Hi @jsha I added the R3 to Intermediate Certificate Authorities, is that what you mean? And when you say " that should never be necessary", will there be any issues? Thanks.

It probably won't cause any issues, but it's not really the correct thing to do. What would cause issues is if someone installed only the intermediate and not the roots. That would cause breakage down the line next time we switch intermediates.

@jsha Oh, that doesn't sound good. Is there anyway of uninstalling the R3 then? I installed it after installing the two roots

1 Like

Given that you've also installed the roots, I don't think you need to worry about it.

2 Likes

Hi @jsha Phew! Thanks for the help.

I passed the error on to him on Twitter and he said:

"Oh ya, it's not necessary"

"I just posted it because it's helping some IT admin's learn about the hierchary of certs, and there's some begineers who can't install the Root's, so having the intermediate might work"

"It's an extra step, un-needed, but it's still semi-relevant"

1 Like

The weird thing is that my instructions (double click and install it to Local Machine) should have resulted in exactly the same outcome, I think. Glad you got it working anyway :slight_smile:

3 Likes