Installing LAFN Certificates on Vista

This procedure was performed using the following system:

Acer Aspire 3680 (laptop)
Intel Celeron M CPU 520@1.6GHz
512MB RAM
Windows Vista Home Basic (ver 6.0.6000)

VERY IMPORTANT: You must be logged into an Administrator account before beginning this procedure.

open Internet Explorer 7.
navigate to www.lafn.org
click on _Current Users_ in the left pane
click on _Frequently Asked Questions_ (FAQ) in the right pane
click on item 2.7 (_How do I avoid having to accept certificates each time I use them?_)
you will see a table with two links (PEM format and DER format) for each of the four certificates (mail.lafn.org, smtp.lafn.org, www.lafn.org, admin.lafn.org)
perform steps 8 through 13 for each of the certificates:
right-click on the _PEM format_ link
click on the "Save Target As..."
the filename will be "???.cert.htm"
click the "Save" button (see Fig. cert-01)

Fig. cert-01
after the download is done, you may need to close the "Download Complete" window by clicking the "Close" button (see Fig. downloadComplete).

Fig. downloadComplete
repeat the preceding steps for the remaining three certificates
there should now be four certificates on the desktop similar to Fig. desktopCerts.

Fig. desktopCerts
right-click on the desktop Internet Explorer icon, then click on "Properties"; this will open "Internet Properties".
clear the cache by clicking on the "Delete..." button of the "General" tab (see Fig. clearCache)

Fig. clearCache
click the "Delete files..." button (see Fig. deleteCache)

Fig. deleteCache
click the "Yes" button to confirm, "Are you sure you want to delete all temporary Internet Explorer files?"
it may take several seconds to clear the cache. When it is done, click the "Close" button to return to Internet Properties.
click on the "Content" tab, you should see Fig. internetPropertiesContent

Fig. internetPropertiesContent
click on the "Certificates" button in the middle of the window; you will get the Certificates window as shown in Fig. Certificates-1.

Fig. Certificates-1
click on the "Trusted Root Certification Authorities" tab as shown in Fig. Certificates-2

Fig. Certificates-2
perform steps 24 through 40 for each of the certificates:
click the "Import..." button; you will start the Certificate Import Wizard as shown in Fig. CertWiz-1

Fig. CertWiz-1
click the "Next" button; you will get the "File to Import" screen as shown in Fig. CertWiz-2

Fig. CertWiz-2
click on the "Browse..." button to go to the "Open" dialog box (see Fig. Open-1)

Fig. Open-1
click on "Desktop" in the left column to look on the Desktop
VERY IMPORTANT: click on the "X.509 Certificate (*.cer;*.crt)" drop-down button at the lower right and select "All files (*.*)". (see Fig. Open-2)

Fig. Open-2
scroll down, locate the first certificate (admin.cert.htm), and click on it to select it (see Fig. Open-3)

Fig. Open-3
click the "Open" button to open the certificate and to return to the Certificate Import Wizard (see Fig. CertWiz-3)

Fig. CertWiz-3
click the "Next" button
the "Certificate Store" window will open; if necessary, click the "Place all certificates in the following store" radio button (see Fig. CertWiz-4) to select it.

Fig. CertWiz-4
If the "Certificate Store" field does not show "Trusted Root Certification Authorities", click the "Browse..." button, select "Trusted Root Certification Authorities" and click the "OK" button (see Fig. selectStore).

Fig. selectStore
click the "Next" button of the Certificate Store window
you will see the "Completing the Certificate Import Wizard" window as shown in Fig. CertWiz-5. click the "Finish" button.

Fig. CertWiz-5
you may get a "Security Warning" window as shown in Fig. securityWarning. Click the "Yes" button.

Fig. securityWarning

the correct sha1 thumbprints for each of the certificates are:

admin:  fb e6 5b 53   37 22 8b 96   04 65 bb 41   b4 af 53 e9   6a 1d 9e 2a
 mail:  f6 25 87 89   d8 fc d5 81   94 fa 4a 86   21 ae 52 4a   df ad ae 11
 smtp:  7d 8c 05 ed   6d 7c fa 7a   a7 93 56 90   f3 cc bf 06   2e 80 fe c4
  web:  43 d0 b5 90   36 04 6a 38   73 d4 f6 ae   88 40 8f cb   e5 2a 2b 27

you should see the Certificate Import Wizard message, "The import was successful." (see Fig. CertWiz-6). click the "OK" button.

Fig. CertWiz-6
the Certificates window should now show "admin.lafn.org" in the "Trusted Root Certification Authorities" tab as shown in Fig. Certificates-3.

Fig. Certificates-3
repeat the preceding steps for the remaining three certificates
close the Certificates window by clicking the "Close" button.
close the Internet Properties window by clicking the "OK" button.
open Internet Explorer
you should now be able to click on Current Users then User Services without being accosted about certificates.

Firefox is a lot easier to add the admin certificate for:

navigate to www.lafn.org
click on _Current Users_ in the left pane
click on _User Services_ in the right pane
you will receive a window that says, "Website Certified by an Unknown Authority" (see Fig. FirefoxCertWarning)

Fig. FirefoxCertWarning
click the "Accept this certificate permanently" radio button
click the "OK" button
enter your userid (ie: "at127", not "at127@lafn.org") and password
check the "Use Password Manager to remember this password" checkbox if you want Firefox to remember your userid and password for this page.
click the OK button
that's it.
you can verify the existence of the certificate by clicking Tools, then Options, then the Advanced button, then the Encryption tab (see Fig. FirefoxOptionsAdvanced)

Fig. FirefoxOptionsAdvanced
click the "View Certificates" button then click the "Websites" tab. You will see the admin.lafn.org certificate as shown in Fig. FirefoxCertManager.

Fig. FirefoxCertManager
click "OK" then "Cancel" to return to Firefox.

this page updated October 9, 2007, 0635 pdt