Softec Root CA Certificate

This article explain how to avoid warnings when using encrypted service hosted by Softec.

SOFTEC generates its own certificates for its encrypted services, which it signs using the SOFTEC CA Certificate. You will see a warning in your browser, or other application, when it receives that certificate because the SOFTEC CA Certificate is not in your list of trusted root certificates.

The following instructions are for different browsers and applications to help you trust SOFTEC’s CA Certificate so you no longer see certificate warnings.

Internet Explorer

Check your diagnosis: our certificate is missing

Browse to our encrypted site that cause a warning (if you don’t see a warning, you’ve perhaps already trusted the certificate, but may be not our CA certificate). On Internet Explorer 6 and older, click the View Certificate option. On Internet Explorer 7, continue to the web site and than click the certificate error icon in the address bar, and choose "View Certificate". Note that on Internet Explorer 6, you can also access this option by double clicking the padlock icon in the status bar, once you have temporarily accepted our site certificate.

You’ll see the site’s certificate has been issued and signed by the SOFTEC CA Certificate, and a warning message indicating that it isn’t trusted.

Trust our root certificate

To install our certificate, you should browse to the following URL:

http://www.softec.st/certificates/Softec_CA.crt

The certificate Softec_CA.cer is proposed for download. Confirm this download with "Open". Click the Install Certificate button; you will then need to click Next a few times through a wizard. Except for Windows Vista, default option are fine. For Windows Vista, you should select "Place certificate in the following store" and select the "Trusted Root Certification Authorities". You will be asked to confirm the Fingerprint, which is:

D17B459C 982DDE00 221627C0 A8D60001 3AE0B250

Now that the SOFTEC CA Certificate is installed in your list of trusted root certificates you will no longer see warnings when using encrypted SOFTEC sites.

Mozilla Firefox

Check your diagnosis: our certificate is missing

Browse to our encrypted site that cause a warning (if you don’t see a warning, you’ve perhaps already trusted the certificate, but may be not our CA certificate). Click the Examine Certificate option. You can also access this option by double clicking the padlock icon in the address bar, once you have temporarily accepted our site certificate.

You’ll see the site’s certificate has been issued and signed by the SOFTEC CA Certificate, but in the detail tab, you does see the SOFTEC CA in the certificate hierarchy. Open the Options dialog, go to Advanced tab, then choose the Security tab. Click View Certificates.

Trust our root certificate

To install our certificate, you should browse to the following URL:

http://www.softec.st/certificates/Softec_CA.crt

A confirmation box allow you to confirm that you want to trust our certificate. First, you should check the authenticity of our certificate. Click on the "View" button to open the certificate, and check that the SHA1 and MDA Fingerprint are identical to the following ones:

Close the certificate and return to the confirmation dialog. At least, indicate that the certificate will be used for trusting web sites, in doubt check all, then complete the import. Firefox will now always trust certificates signed by SOFTEC.

Safari / Mac OS X

To install our certificate, you should browse to the following URL:

http://www.softec.st/certificates/Softec_CA.crt

A file name Softec_CA.crt is downloaded.

Double-click the downloaded file. A "Add Certificate" box open and propose to import the certificate in your Keychain. First, you should check the authenticity of our certificate. Click on the "View Certificate" button to open the certificate, and check that the SHA1 and MDA Fingerprint are identical to the following ones:

Close the certificate and return to the "Add Certificate" dialog. Choose the X509Anchors Keychain from the list and confirm. This will load the SOFTEC CA Certificate into your list of trusted certificates.

After importing you can delete the Softec_CA.crt file.

You will then need to quit and reopen Safari to see the changes.

Java Applications

You can add the SOFTEC CA Certificate to your root certificate trust store in Java, then all Java applications will trust the certificates that SOFTEC issues.

Note that you may need to do this each time you upgrade your Java installation.

To install our certificate, you should right click (ctrl click on MacOS or just click in Safari) the following link and choose "Save link as..." option:

http://www.softec.st/certificates/Softec_CA.crt

A file name Softec_CA.crt should be downloaded.

Than find the cacerts file, it should be in your JAVA_HOME/jre/lib/security/cacerts [1], where JAVA_HOME is your java home directory for the JVM you’re using.

Then type (substituting for JAVA_HOME and DOWNLOAD_DIR):

keytool -import -alias Softec_CA -file DOWNLOAD_DIR/Softec_CA.crt -keystore JAVA_HOME/jre/lib/security/cacerts -storepass changeit

(changeit is the default password on the cacerts file) You may also need to become root or administrator to access this file.

The output of that command should be like this:

And you should confirm the trust once you have check the fingerprint against the ones above.

You can check the correct installation with the following command:

keytool -list -keystore JAVA_HOME/jre/lib/security/cacerts -storepass changeit

If you’ve got multiple Java installations you may need to work out which ones you’re using to run your application and do this on the appropriate one. Or do it on all of your Java installations.