Installing the Cloanto Certification Authority Root Certificate
TOPIC
Q: How can I make my operating system or browser recognize and accept your certificates, signatures or private HTTPS (TLS) services?
DISCUSSION
A: In general, we use certificates issued by the most reputable certification authorities available, e.g. Sectigo (formerly Comodo) and Digicert (formerly Symantec/VeriSign), for our e-commerce and code signing certificates. These should be recognized by the majority of browsers and operating systems. No action should be required in this case.
For internal operations, as well as for certain external (public) procedures and services which involve security and integrity rather than "reputation", we use our own public key infrastructure (PKI). Cloanto's PKI was designed and deployed so as to meet or exceed all relevant best practices, and includes an isolated and secured offline root certification authority (CA), and a redundant system of subordinate online issuing certificate authorities. This system is integrated with Microsoft's Active Directory, and, among other things, allows several servers to always have current certificates and authenticate the integrity of the services they provide.
Following the discovery of weaknesses in the SHA-1 cryptographic hash function, Cloanto followed the advice of the US NIST to migrate to SHA-2 (SHA-512). SHA-2 is supported on Windows Server 2003 SP2 (with the fix outlined in KB 968730), Windows XP SP3 and newer versions of Windows.
If your operating system or browser are not already set to recognize certificates issued by Cloanto, you can download and install the public portion of Cloanto's root certificate:
For verification purposes, the certification thumbprint is:
- A0932B2A0A756CADA853B041E1552B8F63476C97
Related Links
ARTICLE INFORMATION
Article ID: | 13-197 |
---|---|
Platform: | All |
Products: | All |
Additional Keywords: | None |
Last Update: | 2022-02-27 |