Upcoming Maintenance Alert:

The UBNT Community will be upgraded at 5pm MDT on April 25th. During this time the community forums will be set to read-only status.

Learn more

New Member
Posts: 1
Registered: ‎08-25-2013

"This CA Root Certificate - not in the trusted root certification authorities store"

[ Edited ]

I cannot login to my EdgeRouter Lite from the Windows 8 IE10 browser. I have a SOHO setup with just the EdgeRouter and my cable modem/router.

The problem - the "Certificate Status" say's:

"This CA Root Certificate is not trusted because it is not in the trusted root certification authorities store"

I can override the error and login from Firefox and Chrome browsers, but not IE10.

It was working, I upgraded the firmware, at first login from IE10 it prompted for the certificate to be accepted, which I did, but because I was not logged in to Win8 as administrator, it did not install the certificate. Now the W8 O.S. does not trust the certificate, and I cannot figure out how to install it again.

I have been through this procedure: "Managing trusted root certificates for a local computer"


I have also attempted to clear the problem through IE10 browser \Tools\Options\Content\Certificates\Clear SSL State, also the UBNT Router UI certificate and publisher cannot be found in the 'Certificates' and 'Pubishers' sections.

To manually import the certificate into the Windows OS, a certificate file is required - where do I get that ?

I have just bought the EdgeRouter, and I have not been able to get my EdgeRouter Lite to communicate with the outside world - I don't know if this is part of the problem.

Please help.






Posts: 209
Registered: ‎05-21-2013
Kudos: 257
Solutions: 8
Contributions: 3

Re: "This CA Root Certificate - not in the trusted root certification authorities store"

EdgeOS is using a self-signed certificate. You may fetch it from it and install (the file is /etc/lighttpd/server.pem).

You also may generate a proper certificate chain, install CA root certificate on workstations and copy certs signed with it to ERLs. Someone should add support for configuring that certificate through the CLI and/or GUI though, I guess.