DavidM 4/10/2015 7:16:33 AM

Transferring a Self-Signed Certificate to another computer in the same domain

We're setting up Service Based Architecture here, and it's going well. Now we need to get it working on another machine. The second machine is giving us a bunch of errors that seem to point to security:

Internet Explorer gives you There is a problem with this website's security certificate.

If you click on the 'certificate error', you'll see this:

This CA Root certificate is not trusted. To enable trust, install this certificate in the Trusted Root Certification Authorities store.


Chrome will give you a 'privacy error', and tell you that 'Your connection is not secure'


Visual Studio will report:

The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

Using the WADL Generator for Project Siena, I get this error:

Unexpected character encountered while parsing value: T. Path '', line 0, position 0


The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

This article will discuss the fix for all that.


We'll show you how to export the Self-Signed Certificate from the original box onto a new box.

Go onto the original box and open a command prompt, and type in 'mmc'. Hit enter

In the MMC applet, add the Certificates snap-in. In the wizard, choose Computer Account and Local Computer.

The certificate that we want should be under 'Personal'. Find the certificate and right-click, choose All Tasks > Export


 Fair warning: we're not security experts, we're developers just trying to get the job done. There are lots of smart security people out there that understand 'private keys' better than we do. OK, the kid that asked you if 'you want fries with that?' yesterday has the same level of understanding as we do.

We're going to choose the route that seems less complicated and choose not to export the private key.

 Same warning here. We'll choose the DER encoded binary option.


 Save the exported certificate to a network share, because we'll want to access it from the other machine.



Now open the Certificate snap-in on the new machine, using the same procedure outlined above.

This time find the Trusted Root Certification Authority, right-click, and import.

That should do it.



We make companies more profitable. Serving clients nationally, our services include database, financial, ERP, CRM and Web-based solutions.

Call us for a free evaluation of your company's technology needs.

941-74P-enny x2 (941-747-3669)
Contact Us