Install an Internal Root CA Certificate on MacOS

I needed to sign into Skype for Business Server 2015 from a Mac, connected to the customers internal network.

The certificate (Server default, Web services internal, Web services external) assigned to the SfB Front End is of course issued by the internal Microsoft CA, therefore I needed the root certificate of the Microsoft CA to be installed and trusted on the Mac.

I exported the root certificate for the Microsoft CA from the SfB Server in DER encoded binary X.509 (.CER) format to file, and then copied the file to the Mac.

Double click the certificate file (RootCAExport.cer in this example).

macrootcert01

Keychain Access will open.

Right click on System, and then click on Unlock Keychain “System”.

macrootcert03

Enter your password and then click Modify Keychain, this allow Keychain Access to modify the system keychain.

macrootcert04

Browse to the folder containing the .cer file in Finder.

Drag and drop the file from Finder into the System container in Keychain Access.

macrootcert05

macrootcert06

The certificate has been imported into the System container; however, it is not trusted (“X500-CA” certificate is not trusted).

Double click the imported certificate to modify its properties.

Expand Trust.

macrootcert08

Click the drop down box next to “When using this certificate:”.  Change it to Always Trust.

macrootcert09

Enter your password and then click Update Settings to make changes to the System Certificates Trust Settings.

macrootcert10

The certificate is now trusted and you will be able to sign into Skype for Business Server 2015.

macrootcert07

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s