This certificate cannot be verified up to a trusted certification authority.

Problem 1

When I access the remote server via SSL VPN , you see the following error message:

This certificate cannot be verified up to a trusted certification authority.

or

This CA Root certificate is not trusted. TO enable trust,install this certificate in the Trusted Root Certification Authorities store. 

Cause

This issue is caused by the Certificate Authority not being visible to the browser.

Solution

Do the following on the Certificate Server

1. Open MMC, click Start, Run, type MMC, and press ENTER.
2. Add the Certificates snap-in using the Computer Account.
   
   1. Click File, select Add/Remove Snap-In.
      You see the Add/remove snap-in window.
   2. Click Add.
      You see the Add Standalone snap-in window.
   3. Select Certificates and click Add.
   4. Select Computer Account and click Next.
   5. Select Local Computer (selected by default) and click Finish.
   6. Click Close.
      You now have a single snap-in called Certificates (Local Computer) in the snap-ins added section of the Add/remove snap-in window.
   7. Click Ok to close the Add/remove snap-in window and to return to the MMC.
3. Perform the following in the MMC window.
   1. Expand Certificates.
   2. Expand Trusted Root Certification Authority.
   3. Right-click the correct Root Certification Authority (you may need to select the certificates folder to view the list in the right hand window panel).
   4. Click Export, which opens the wizard. Select the following in the wizard: 
      1. Select Cryptographic Message Syntax Standard - PKCS #7 Certificates (.P7B).
      2. Select Include all certificates in the certification path if possible. 
      3. Click Next.
      4. Assign a relevant file name.
      5. Click Next, Finish.
         This will create .p7b. 
   5. Copy .p7b to the client used to access the site.
4. Install the certificate on the client using one of the following methods.

        

• Method 1 - Right-click on the certificate file
  1. Right-click .p7b.
  2. Click Install Certificate.
  3. Click Next, Place all certificates in the following store.
  4. Click Browse.
  5. Select Trusted Root Certification Authorities.
  6. Click Ok, Next, Finish.
      
• Method 2 -  Import using Microsoft Internet Explorer
  1. Open Internet Explorer. 
  2. Select Tools, Internet Options.
  3. Click the Content tab.
  4. Click Certificates.
  5. Select the Trusted Root Certification Authorities tab.
  6. Click Import.
  7. Browse to the .p7b file and place it in Trusted Root Certification Authorities.
  8. Click Next, then click Finish.