3.2 KiB
title | layout |
---|---|
Installing the CA Certifiacte | base.njk |
{{title}}
Importing GF4's CA certificate is required to use matrix and recommended for https, imap, etc.
What is this?
TLS also known as SSL is a computer technology used to cryptographically sign and encrypt stuff. GF4 signs data on domains that end in .gf4
. For your applications to recognize these signatures, you must install GF4's root certificate. Otherwise, you will get privacy errors in your browser.
Follow these instructions to install the certificate on your computer or phone:
Fedora/Arch Linux (or p11-kit)
# mkdir -p /usr/local/share/ca-certificates
# curl -sL https://www.gf4.pw/ca.crt > /usr/local/share/ca-certificates/gf4.crt
# trust anchor /tmp/gf4.crt
source: Arch wiki: User:Grawity/Adding a trusted CA certificate
Debian/Ubuntu
Open a terminal and run:
sudo apt-get install -y ca-certificates curl
curl -s https://www.gf4.pw/ca.crt | sudo tee /usr/local/share/ca-certificates/gf4.crt
sudo update-ca-certificates
source: Ubuntu server docs: Security trust store
Android
- Download the certificate from /ca.crt onto your android's internal storage
- Go to Settings > Security > More security settings > Encryption & credentials > Install a certificate > CA certificate. If you can't find it there, just search the settings for "CA certificate".
- Tap through any warnings ("Install anyway") and select the
ca.crt
file from the file browser.
Mac
Download the certificate from /ca.crt to your home directory and run this command in a terminal:
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ~/ca.crt
source: KerioConnect Help: Adding trusted root certificates to the server
iPhone
- Open www.gf4,pw/ca.crt in Safari.
- Safari will say "This website is trying to download a configuration profile. Do you want to allow this?". Tap Allow.
- Safari will then say "Review the profile in Settings app if you want to install it.". Tap Close.
- Settings -> General -> VPN & Device Management -> gf4 -> Install. If you get a warning that complains about this being an Unmanaged Root Certificate and Unverified Profile, tap Install again. You will notice that Not Verified in red will turn into Verified in green.
- Settings -> General -> About -> Certificate Trust Settings -> Enable Full Trust For Root Certificates -> gf4.
Windows
Download the certificate from /ca.crt run this command in a terminal in the same folder as the ca.crt
file:
certutil -addstore -f "ROOT" ca.crt
source: KerioConnect Help: Adding trusted root certificates to the server
< Back