
Why is there a window asking me to allow a certificate during the installation of CertifiO Manager?

This article is relevant and specific to CertifiO Manager 2.0 (CFM 2.0) only.

 

 

Traditionally, browsers did not allow communication between a secured web page (https) and an unsecured endpoint (such as CertifiO Manager running on http://127.0.0.1:24250). The whole point of this certificate is to enable SSL on CertifiO Manager so that this communication can take place. To do this, we ABSOLUTELY MUST NOT use a standard SSL certificate issued by a Trusted Certificate Authority (a certificate that does not have a unique thumbprint), for the following reasons:

  • Trusted Certificate Authorities don’t have the right to issue SSL certificates for 127.0.0.1
  • If a web browser finds that an SSL certificate was issued for a DNS name pointing to 127.0.0.1, it has the obligation to revoke it.

 

The secure way to do this is to:

  • locally generate a CA certificate with a unique thumbprint (which will be saved in the Windows certificate store) during installation of CertifiO Manager,
  • issue an SSL certificate from that CA,
  • register the CA in the user’s Windows trust store (which pops up the confirmation dialog, over which we have no control),
  • and finally destroy the CA private key to ensure that no other certificates can be issued from that CA.

 

At the end of this process, the only certificate that will be trusted from this CA is the one used by the local instance of CertifiO Manager, on that particular machine. This generates a thumbprint for your specific computer in order to ensure a secure connection.
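
The steps listed above, sketched with OpenSSL in a shell script as an added example; this is not CertifiO Manager's installer code. The file names, subject names, key size and lifetimes are assumptions, and the Windows trust-store registration step is left out because it is OS-specific.

```shell
#!/usr/bin/env bash
# Added illustration (not CertifiO Manager's code): a single-use local CA
# for an HTTPS listener on 127.0.0.1. Names and lifetimes are assumptions.
set -eu

make_loopback_tls() {   # $1 = output directory
    d=$1; mkdir -p "$d"
    cat > "$d/ssl.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = critical,keyCertSign
[v3_leaf]
basicConstraints = critical,CA:FALSE
extendedKeyUsage = serverAuth
subjectAltName = IP:127.0.0.1
EOF
    # 1. Fresh CA key pair on this machine, so the CA thumbprint is unique.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -config "$d/ssl.cnf" -extensions v3_ca -subj "/CN=Example Local CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    # 2. Server key and CSR, then the one certificate this CA will ever sign.
    openssl req -new -newkey rsa:2048 -nodes -config "$d/ssl.cnf" \
        -subj "/CN=127.0.0.1" -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -sha256 -days 825 -extfile "$d/ssl.cnf" \
        -extensions v3_leaf -out "$d/server.crt" 2>/dev/null
    # 3. Trust-store registration is OS-specific and omitted here;
    #    ca.crt is the file that would be registered.
    # 4. Destroy the CA private key: nothing else can be issued under ca.crt.
    shred -u "$d/ca.key" 2>/dev/null || rm -f "$d/ca.key"
}

ca_thumbprint() {       # SHA-256 fingerprint of the CA certificate
    openssl x509 -in "$1/ca.crt" -noout -fingerprint -sha256 | cut -d= -f2
}

leaf_is_valid() {       # chains to this CA as a TLS server cert for 127.0.0.1
    openssl verify -purpose sslserver -CAfile "$1/ca.crt" "$1/server.crt" >/dev/null &&
    openssl x509 -in "$1/server.crt" -noout -text | grep -q "IP Address:127.0.0.1"
}

demo=$(mktemp -d)
make_loopback_tls "$demo"
leaf_is_valid "$demo" && echo "CA thumbprint: $(ca_thumbprint "$demo")"
```

Deleting a key file is best effort on journaled or flash storage; generating the CA key in memory and never writing it to disk avoids relying on file deletion.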