search cancel

Downloading and installing the Symantec Web Root CA


Article ID: 178903


Updated On:






When you activate HTTPS Inspection, SSL-encrypted web traffic is routed through the Web Security infrastructure. Before you turn on HTTPS Inspection for your Web Security service, you must do the following:

  • Download the Symantec Web Root CA from the portal.

  • Install the certificate on all of the web browsers that are connected to the Web Security service.

    Take this step to ensure that the Symantec Web Root CA is correctly authenticated by your users' browsers. If you do not install the certificate on each browser, users receive a certificate error when they access a website using HTTPS.

To download the Symantec Web Root CA from the portal

  1. In the portal, click Tools > Downloads

  2. Click the link for the Symantec Web Root CA and save the certificate to a suitable location.

You must install the certificate on all browsers that connect to the Web Security service infrastructure. You can install the certificate by using a number of different methods, as listed here.

Manually adding the root certificate to the certificate store

  1. Run MMC.exe.

  2. Choose File > Add/Remove snap-in.

  3. Select Certificates and click Add.

  4. Choose Computer Account and click Next.

  5. Select Local computer and click Finish.

  6. Click OK to add the Certificates snap-in to MMC.

  7. Expand Trusted Root Certification Authorities, right-click Certificates, and choose Import.

  8. At the welcome page click Next.

  9. Browse to locate the certificate file, select the file name, and click Next.

  10. Ensure that the certificate is placed in the Trusted Root Certification Authorities store, and click Next.

  11. Click Finish to import the certificate.

Automatically adding the root certificate to the certificate store using Group Policy

  1. Edit the appropriate group policy. For example, Default domain policy.

  2. Navigate to Computer Configuration > Policies > Windows Settings > Security Settings > Public Key Policies > Trusted Root Certification Authorities.

  3. Right-click Trusted Root Certification Authorities and choose Import.

  4. Browse to the copy of the root certificate and click Next.

  5. Confirm that the certificate is placed in the correct certificate store, and click Next.

  6. Click Finish to import the certificate into the Group Policy.

    The Group Policy setting takes effect after the affected computers have been restarted.

The Google Chrome web browser uses the local certificate store on each users' computer. Google Chrome is compatible with either method of manually importing a certificate or automatically importing a certificate with Group Policy.

The Mozilla Firefox web browser does not use the computer's certificate store, but instead has its own store for root certificates.

Manually adding the root certificate to Mozilla Firefox

  1. Open an instance of your Mozilla Firefox browser.

  2. On the Firefox home page, click on Settings and then click the Advanced tab.

  3. Click on View Certificates.

    The Certificate Manager window opens.

  4. Select the Authorities tab, click Import, and browse to the certificate file and click OK.

    The Downloading Certificate window opens.

  5. Check the Trust this CA to identify websites check box and click OK.

  6. Click OK to close the Certificate Manager window.

  7. Click OK to close the Options window.