Install an Internal Root CA Certificate on MacOS

I needed to sign into Skype for Business Server 2015 from a Mac, connected to the customers internal network.

The certificate (Server default, Web services internal, Web services external) assigned to the SfB Front End is of course issued by the internal Microsoft CA, therefore I needed the root certificate of the Microsoft CA to be installed and trusted on the Mac.

I exported the root certificate for the Microsoft CA from the SfB Server in DER encoded binary X.509 (.CER) format to file, and then copied the file to the Mac.

Double click the certificate file (RootCAExport.cer in this example).


Keychain Access will open.

Right click on System, and then click on Unlock Keychain “System”.


Enter your password and then click Modify Keychain, this allow Keychain Access to modify the system keychain.


Browse to the folder containing the .cer file in Finder.

Drag and drop the file from Finder into the System container in Keychain Access.



The certificate has been imported into the System container; however, it is not trusted (“X500-CA” certificate is not trusted).

Double click the imported certificate to modify its properties.

Expand Trust.


Click the drop down box next to “When using this certificate:”.  Change it to Always Trust.


Enter your password and then click Update Settings to make changes to the System Certificates Trust Settings.


The certificate is now trusted and you will be able to sign into Skype for Business Server 2015.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s