You must import the root certificate and any intermediate certificates in the certificate chain into the Windows local computer certificate store.

If the TLS server certificate that you imported from the intermediate server is signed by a root CA that is known and trusted by the Connection Server host, and there are no intermediate certificates in your certificate chains, you can skip this task. Commonly used Certificate Authorities are likely to be trusted by the host.

Procedure

  1. In the MMC console on the Windows Server host, expand the Certificates (Local Computer) node and go to the Trusted Root Certification Authorities > Certificates folder.
    • If your root certificate is in this folder, and there are no intermediate certificates in your certificate chain, skip to step 7.
    • If your root certificate is in this folder, and there are intermediate certificates in your certificate chain, skip to step 6.
    • If your root certificate is not in this folder, proceed to step 2.
  2. Right-click the Trusted Root Certification Authorities > Certificates folder and click All Tasks > Import.
  3. In the Certificate Import wizard, click Next and browse to the location where the root CA certificate is stored.
  4. Select the root CA certificate file and click Open.
  5. Click Next, click Next, and click Finish.
  6. If your server certificate was signed by an intermediate CA, import all intermediate certificates in the certificate chain into the Windows local computer certificate store.
    1. Go to the Certificates (Local Computer) > Intermediate Certification Authorities > Certificates folder.
    2. Repeat steps 3 through 6 for each intermediate certificate that must be imported.
  7. Restart the Connection Server service to make your changes take effect.
  8. If you use HTML Access, restart the Blast Secure Gateway service.