74 lines
3.2 KiB
Markdown
74 lines
3.2 KiB
Markdown
---
|
|
title: Installing the CA Certifiacte
|
|
layout: base.njk
|
|
---
|
|
|
|
# {{title}}
|
|
|
|
Importing GF4's CA certificate is required to use matrix and recommended for https, imap, etc.
|
|
|
|
## What is this?
|
|
|
|
**TLS** also known as **SSL** is a computer technology used to cryptographically sign and encrypt stuff. GF4 signs data on domains that end in `.gf4`. For your applications to recognize these signatures, you must install GF4's root certificate. Otherwise, you will get privacy errors in your browser.
|
|
|
|
Follow these instructions to install the certificate on your computer or phone:
|
|
|
|
---
|
|
|
|
### Fedora/Arch Linux (or p11-kit)
|
|
|
|
```
|
|
# mkdir -p /usr/local/share/ca-certificates
|
|
# curl -sL https://www.gf4.pw/ca.crt > /usr/local/share/ca-certificates/gf4.crt
|
|
# trust anchor /tmp/gf4.crt
|
|
```
|
|
|
|
**source**: [Arch wiki: User:Grawity/Adding a trusted CA certificate](https://wiki.archlinux.org/title/User:Grawity/Adding_a_trusted_CA_certificate)
|
|
|
|
### Debian/Ubuntu
|
|
|
|
Open a terminal and run:
|
|
|
|
```
|
|
sudo apt-get install -y ca-certificates curl
|
|
curl -s https://www.gf4.pw/ca.crt | sudo tee /usr/local/share/ca-certificates/gf4.crt
|
|
sudo update-ca-certificates
|
|
```
|
|
**source**: [Ubuntu server docs: Security trust store](https://ubuntu.com/server/docs/security-trust-store)
|
|
|
|
### Android
|
|
|
|
1. Download the certificate from [/ca.crt](https://www.gf4.pw/ca.crt) onto your android's internal storage
|
|
2. Go to Settings > Security > More security settings > Encryption & credentials > Install a certificate > CA certificate. If you can't find it there, just search the settings for "CA certificate".
|
|
3. Tap through any warnings ("Install anyway") and select the `ca.crt` file from the file browser.
|
|
|
|
### Mac
|
|
|
|
Download the certificate from [/ca.crt](https://www.gf4.pw/ca.crt) to your home directory and run this command in a terminal:
|
|
|
|
```
|
|
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ~/ca.crt
|
|
```
|
|
|
|
**source**: [KerioConnect Help: Adding trusted root certificates to the server](https://manuals.gfi.com/en/kerio/connect/content/server-configuration/ssl-certificates/adding-trusted-root-certificates-to-the-server-1605.html)
|
|
|
|
### iPhone
|
|
|
|
1. Open [www.gf4,pw/ca.crt](https://www.gf4.pw/ca.crt) in Safari.
|
|
2. Safari will say "*This website is trying to download a configuration profile. Do you want to allow this?*". Tap **Allow**.
|
|
3. Safari will then say "*Review the profile in Settings app if you want to install it.*". Tap **Close**.
|
|
4. Settings -> General -> **VPN & Device Management** -> **gf4** -> **Install**. If you get a warning that complains about this being an *Unmanaged Root Certificate* and *Unverified Profile*, tap **Install** again. You will notice that **Not Verified** in red will turn into **Verified** in green.
|
|
5. Settings -> General -> About -> Certificate Trust Settings -> **Enable Full Trust For Root Certificates** -> **gf4**.
|
|
|
|
### Windows
|
|
|
|
Download the certificate from [/ca.crt](https://www.gf4.pw/ca.crt) run this command in a terminal in the same folder as the `ca.crt` file:
|
|
|
|
```
|
|
certutil -addstore -f "ROOT" ca.crt
|
|
```
|
|
|
|
**source**: [KerioConnect Help: Adding trusted root certificates to the server](https://manuals.gfi.com/en/kerio/connect/content/server-configuration/ssl-certificates/adding-trusted-root-certificates-to-the-server-1605.html)
|
|
|
|
< [Back](/nebuchadnezzar/)
|