ge.com GE imagination at work
Manual installation SOP of GE Root Certificate on a laptop/desktop

How do I manually install the PITC certificate to my server or application?

While the PITC certificate package is automatically delivered and transparently installed in most situations, if you need to manually run the installation package to install the certificate obtain installation package from here

Double click on the exe and allow it to execute. At the conclusion and after logging and logging out, you should find the new certificate in the Windows Cert Store and Firefox store, as depicted in the verification section. Please note that Firefox uses an active setup and requires the user to log out and log back in or to reboot their PC to add the certificate. If verification is failing with Firefox, please ask the user the reboot their PC.

If the package fails the following manual approach can be used to install the certificate used with PITC. Before you start, you will need to have the following certificate: GE_External_Root_CA_2_1.cer.

The process is to copy the certificate over to the user’s PC and once there perform the following process.

  1. Double click the root certificate and select "Install Certificate".
  2. In Wizard, click next on the first page to reach the Certificate Store page. Select "Place all certificates in the following store". Click Browse and select "Trusted Root Certification Authorities" and click OK.

  3. When the wizard returns to the main page, select "Next" and then "Finish"

  4. Accept any warnings presented about root trust and click OK on the dialog box reporting the installation was successful.

Firefox, if in use, installation is done within the browser itself. The certificate will be installed in the Certificate Manager for the browser and cert is imported using the same options. Install the root certificate using the following process:

  1. Open Firefox, on the top right hand side open menu bar and select "Options"
  2. In popup, click Advanced and then "View Certificates".
  3. Click on the Authorities tab and click "Import".
  4. Import the certificate and be sure to check the "Trust this CA to identify websites." And click OK.

Note for older versions of Microsoft Windows Operating Systems and Microsoft Internet Explorer

Please note that in some cases certificate installation validation may fail with older versions of Windows and Internet Explorer, e.g. Internet Explorer 7. Failures in this case is often due to a lack of support for higher level TLS standards or due to enhanced security controls. If this occurs in your installation, please try to use a different browser, e.g. Google Chrome or a modern version of Internet Explorer, to test.

The following scenarios are used to verify the installation of the certificate.

Scenario 1 – Microsoft cert store for everything except Firefox

  1. Open from the command prompt certmgr.msc and manually browse to the Trusted root to see the certificate installed.
  2. Screenshot follows. Look to confirm that GE External Root CA 2.1 is present.

Scenario 2 – Cert store for Firefox

  1. GUI testing involves opening Firefox, going to the tools menu, then Options, Advanced, Security, View Certificates.
  2. Screenshot follows. Note depending on usage there may be additional GE certificates. This is ok.

Please refer to the Server installation SOP if more information required.

If you run into issues and need additional assistance please contact your IT help desk.
More information · The Acceptable Use of Information Resources