If the IdP certificate is signed directly by a trusted certification authority (CA) this step is not required. This step is only for instances where the CA trust-chain is not already trusted by the CxManager.
The below should be applied for the root and all intermediate CA keys.
To manually install the trusted certificate file:
1. Go to Start > Run > MMC. The Console Root screen is displayed.
2. Select File > Add/Remove Snap-ins. The Add or Remove Snap-ins screen is displayed.
3. Under Available Snap-Ins, double-click Certificates. The Certificates Snap-in screen is displayed.
4. Select Computer Account and click <Next>.
5. Click <Finish> and then <OK>.
6. From the Console Root screen, navigate to Certificates > Trusted Root Certification > Certificates.
7. Right-click Certificates and select All Tasks > Import from the shortcut menu. The Welcome to the Certificate Import Wizard is displayed.
8. Click <Next>. The File to Import screen is displayed.
9. Click <Browse> and navigate to the trusted certificate file (.cert).
10. Click <Next>. The Certificate Store screen is displayed.
11. Select Place all Certificates in the following store and verify that the selected Certificate Store is Trusted Root Certification Authorities.
12. Click <Next>. The Certificate Import Completion screen is displayed.
13. Confirm the specified trusted root certificate import settings and click <Finish>.