Download the DNI CA certificate
Network administrators should read the next section if you would like to automatically distribute our CA certificate to all users within your domain.
All other users can download our site's
Certification Authority certificate file and open it. Your browser should guide you in this process when you follow this link.
Other applications sometimes need this certificate in the so called
PEM format. Here it is for you to cut and paste:
-----BEGIN CERTIFICATE-----
MIID3DCCA0WgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBqzELMAkGA1UEBhMCVVMx
DzANBgNVBAgTBkthbnNhczEQMA4GA1UEBxMHV2ljaGl0YTEeMBwGA1UEChMVRGF0
aWxpdHkgTmV0d29ya3MgSW5jMRkwFwYDVQQLExBJbnRlcm5ldCBIb3N0aW5nMRcw
FQYDVQQDEw5jYS5kbmlob3N0Lm5ldDElMCMGCSqGSIb3DQEJARYWaG9zdG1hc3Rl
ckBkbmlob3N0Lm5ldDAeFw0wODAyMDUwMzQyMzVaFw0yODAxMzEwMzQyMzVaMIGr
MQswCQYDVQQGEwJVUzEPMA0GA1UECBMGS2Fuc2FzMRAwDgYDVQQHEwdXaWNoaXRh
MR4wHAYDVQQKExVEYXRpbGl0eSBOZXR3b3JrcyBJbmMxGTAXBgNVBAsTEEludGVy
bmV0IEhvc3RpbmcxFzAVBgNVBAMTDmNhLmRuaWhvc3QubmV0MSUwIwYJKoZIhvcN
AQkBFhZob3N0bWFzdGVyQGRuaWhvc3QubmV0MIGfMA0GCSqGSIb3DQEBAQUAA4GN
ADCBiQKBgQDF8bZF8Psiavzg1LeefcapRtN6cUimIcCIfTU1fGdd1DnAy5OaJv2F
5PCnBnpLtocjU0Yvab0Z6Pdyr8EEgyFJiV8NQRCXesj/d9r8kBBE++IDxnoUtlAF
Ua+y8kJlU/FiThqTNCC8bnEtHi8zBZGCT5KPrAt1V1Tg5M+l0JPLzwIDAQABo4IB
DDCCAQgwHQYDVR0OBBYEFPwvc0s5oi7qbdmWrRjBRviWSKf4MIHYBgNVHSMEgdAw
gc2AFPwvc0s5oi7qbdmWrRjBRviWSKf4oYGxpIGuMIGrMQswCQYDVQQGEwJVUzEP
MA0GA1UECBMGS2Fuc2FzMRAwDgYDVQQHEwdXaWNoaXRhMR4wHAYDVQQKExVEYXRp
bGl0eSBOZXR3b3JrcyBJbmMxGTAXBgNVBAsTEEludGVybmV0IEhvc3RpbmcxFzAV
BgNVBAMTDmNhLmRuaWhvc3QubmV0MSUwIwYJKoZIhvcNAQkBFhZob3N0bWFzdGVy
QGRuaWhvc3QubmV0ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEA
FAUqxD6svJGka13wlXWIGPCgPYJiQXyky7wnJXD9m8tW4xYiMdt6PVTWR7rOhwCN
rOdCAr/8MF9G/7YokOD/hspvTouGuQ/cn43Z2v0mwiiYjmVVXdJAtTeQIbkSAnxy
b6YLsGbuxrESGfE+NGrOpGbaK/hFyniK4znIukiYobk=
-----END CERTIFICATE-----
Distributing the Root Certificate to the Trusted Root Store for All Users in a Windows Domain
To add the root certificate to the domain Group Policy for trusted root certificate authorities
You should follow these steps if your users are experiencing messages similar to "The security certificate was issued by a company you have not chosen to trust" when trying to visit secure websites that use certificates signed by DNI or messages similar to "This publisher has not been authenticated" when trying to run software signed by DNI.
Step 1 Log on to Windows by using an account that is a member of the Domain Admins group.
Step 2 On the CA, on the Windows Start menu, click Run, then run mmc.
Step 3 On the top menu, click Console.
Step 4 Click Add/Remove Snap-in.
Step 5 On the Standalone tab, click Add.
Step 6 In the Add Standalone Snap-in dialog box, click Group Policy, and click Add.
Step 7 Click Browse.
Step 8 In the Browse for a Group Policy Object dialog box, click the Domains/OUs tab.
Step 9 In the Look In list, select the domain to which you wish to distribute the certificate.
Step 10 In the Domains, Ous, and Linked Group Policy Objects list, click Default Domain Policy, and click OK.
Step 11 Click Finish.
Step 12 Close the Add Standalone Snap-in dialog box.
Step 13 Click OK to close the Add/Remove Snap-in dialog box.
Step 14 In the left pane of the console window, double-click Default Domain Policy for the desired domain to expand it.
Step 15 Click Computer Configuration > Windows Settings > Security Settings > Public Key Policies.
Step 16 Right-click Trusted Root Certification Authorities, and click All Tasks > Import.
Step 17 On the Certificate Import Wizard welcome screen, click Next.
Step 18 Browse to the location of the saved Root Certification Authority certificate, and double-click it. If you have not previously saved our Root Certification Authority certificate, click here to download the certificate.
Step 19 Click Next.
Step 20 Accept the default for the certificate store, and click Next.
Step 21 Verify the settings, and click Finish.
Step 22 Save the console settings.
Step 23 Close the console window.
