Security Certificates

Although it can be important or even essential to secure a web application with Transport Layer Security using a certificate, this can be expensive through companies such as Thawte or Verisign. We have chosen the same route as many organisations and decided to create our own Certificate Authority and Certificates. As we do not wish to go through the burden of asking Mozilla, Microsoft and other organisations to include our certificate with their browser and other applications this needs to be added manually. Depending on your applications you may need to import the certificate into your email and browser applications as well as Windows or Mac operating system.

Our Root Certificate can be downloaded here. To install the certificate into your email application you may need to 'save link as'.

Installing into Microsoft Windows, Internet Explorer, Outlook and Outlook Express

Microsoft has good integrated security so when the certificate is installed into the operating system it becomes available to Internet Explorer, Outlook and Outlook Express.

  1. Download the Root Certificate
  2. Save the certificate into a file with a .crt extension
  3. Open a Microsoft IE Browser
  4. Go to Tools > Internet Options > Content > Certificates
  5. Choose the "Trusted Root Certification Authorities" tab
  6. Click Import. A "Certificate Import Wizard" will appear. Click Next.
  7. Browse to the location of the recently stored root (step 2). Select X.509 Certificate (*.cer,*.crt) files for file type.
  8. Select the certificate and click Open.
  9. Click Next.
  10. Select "Automatically select the certificate store based on the type of the certificate". Click Ok.
  11. You will receive a security warning advising that you are about to install a certificate from a certification authority (CA) claiming to represent "Persistent Objects Root Certificate Authority". Click Yes to confirm that you want to install this certificate.
  12. You will receive confirmation that the import was successful, click OK to acknowledge.
  13. Scroll down and select the "Persistent Objects Root Certificate Authority" then click the Advanced... button
  14. Tick the "Client Authentication" and "Secure Email" boxes then click OK
  15. Click Close then OK to finish

Installing into Firefox

Using Firefox, click on this link, to download the certificate. You will be asked if you want to trust the "Persistent Objects Root Certificate Authority" for the following purposes.

  • Trust this CA to identify web sites
  • Trust this CA to identify email users
  • Trust this CA to identify software developers

All three options should be ticked.

By clicking the View button you can check that the Serial number is b7:9d:80:70:22:94:ae:40.

Click OK to complete the installation.

Installing into Thunderbird

Download the Certificate here, you probably need to use the 'save link as' option to save the certificate.

Under Tools/Options/Privacy/Security click View Certificates to open the Certificate Manager.

Select the Authorities Tab, click Import, select the pocert.crt file you just downloaded then click Open.

You will be asked if you want to trust the "Persistent Objects Root Certificate Authority" for the following purposes.

  • Trust this CA to identify web sites
  • Trust this CA to identify email users
  • Trust this CA to identify software developers

All three options should be ticked.

By clicking the View button you can check that the Serial number is b7:9d:80:70:22:94:ae:40.

Click OK to complete the installation.

Installing into Microsoft Entourage on Mac OSX

Download the Root Certificate and follow these instructions.

Installing into Opera

Using an Opera browser, click on this link to install the certificate. You will be prompted to install the "Persistent Objects Root Certificate Authority" and the dialog box will confirm that the certificate was downloaded from http://p-o.co.uk/ssl/pocert.crt using an insecure connection. By clicking the View button you can check that the Serial number is 0xb7:9d:80:70:22:94:ae:40. Click Install then OK to trust the issuer.

By Alan Hicks
Check out