On Windows ¶

Assuming the path to your generated CA certificate as C:\My-CA.pem, run:

1Import-Certificate -FilePath "C:\My-CA.pem" -CertStoreLocation Cert:\LocalMachine\Root

• Set -CertStoreLocation to Cert:\CurrentUser\Root in case you want to trust certificates only for the logged in user.

OR

In Command Prompt, run:

1certutil.exe -addstore root C:\My-CA.pem

• certutil.exe is a built-in tool (classic System32 one) and adds a system-wide trust anchor.

Siehe auch “Step 4 – Import root certificate to users devices” im Kapitel “openssl” bzw. den “Step 5” im Kapitel “cfssl” in einer anderen Fundstelle.

For Windows:

1mmc

• Click Open
• Go to File > Add/Remove Snap-in
• Click Certificates and Add
• Select Computer Account and click Next
• Select Local Computer then click Finish
• Click OK to go back to the MMC window
• Double-click Certificates (local computer) to expand the view
• Select Trusted Root Certification Authorities, right-click on Certificates, and select “All Tasks” then “Import”
• Click Next then Browse. Change the certificate extension dropdown next to the filename field to “All Files (.)” and locate the “your-root-cert-name.pem” file, click “Open”, then “Next”
• Select “Place all certificates in the following store”. “Trusted Root Certification Authorities store” is the default. Click “Next” then click “Finish” to complete the wizard
• To verify, see your imported root certificate if it’s listed in the list of root certificates

Auch im “Proxmox”-Wiki gibt es einen Artikel zum Hinzufügen von Zertifikaten zum Windows Trust-Store.