Import self signed certificate on Windows

If you run your ssl services like Email or internal Websites with self signed certificates you may want to get rid of the certification warning because your certificate is not signed by an official authority.

First generate a certificate which can be imported by Windows from your CA file:

openssl x509 -in <pathtoyourcafile> -outform DER -out ca.cer

This ca.cer file can now be imported as trusted root certificate authority. It is your own CA you trust here, so keep your CA keyfile save and secure. Now all certificates generated and signed by this CA will be accepted by your browser and Email program without showing further certification warnings. Some software uses there own certificate management, for example Firefox or Thunderbird. For this tools you need to import the CA certificate as well because they don't ask the Windows certificate management.