This site requires JavaScript to be enabled
An updated version of this article is available

How to install Fermilab CA certificates on Mac computers

54 views

4.0 - Updated on 2023-03-07 by Quinton Healy

3.0 - Updated on 2021-02-16 by Carlos Salazar (Inactive)

2.0 - Updated on 2020-11-03 by Fang Wang

1.0 - Authored on 2018-11-26 by Marcia Teckenbrock

How to install Fermilab CA certificates on Mac computers

 

Intended for:

Mac users who need to install Fermilab CA certificates to use VPN or certain other applications.

 


Scenario/Use case:

Individual needs to install Fermilab CA certificates so they may use VPN or other applications on their non-centrally managed Mac computer.

 


Instructions:

You will need to install two certificates: Fermilab Root CA certificate and FERMI CA certificate (also known as the FERMI Sub CA 01 certificate).

 

Step 1: Installing the Fermilab Root CA certificate

a. In your browser, go to https://authentication.fnal.gov/certs.

b. Under “Individual files for each CA,” click DER to download the Root CA certificate.

c. Double-click the file Fermilab_Root_CA.cer in the Downloads folder. The new certificate should be copied in the login keychain under the Certificates category.

d. Copy the root certificate in the System keychain (required to make CA certificate  trusted by all system processes and all users). In the keychain tool, click Fermilab Root Certificate in the login keychain, then right-click and select Copy Fermilab Root CA. Go to the System keychain and paste the new certificate.

e. Right-click on the certificate in the System keychain.

1) Select Get Info to open the window with the certificate details.

2) Extend Trust and then for option, “When using this certificate” select Always Trust.

 

Step 2: Installing the FERMI CA certificate

a. In your browser, go to https://authentication.fnal.gov/certs.

b. Under “Individual files for each CA,” click DER to download the FERMI CA certificate.

c. Double-click the file FERMI_Sub_CA_01.cer in the Downloads folder. The new certificate should be copied in the login keychain under the Certificates category.

d. Copy the FERMI CA certificate in the System keychain (required to make CA certificate trusted by all system processes and all users). In the keychain tool, click FERMI Sub CA 01 in the login keychain, then right-click and select Copy FERMI Sub CA 01. Go to the System keychain and paste the new certificate.

e. Right-click on the certificate in the System keychain.

1) Select Get Info to open the window with the certificate details.

2) Extend Trust and then for option, “When using this certificate” select Always Trust.

 

Your certificates should now be installed. If you were installing these certificates to use with the VPN and need to install the VPN on your Windows machine please use this link for the VPN installation instructions.

See detailed instructions on how to install the Fermilab Root CA certificate with screenshots for Mac OSX 10.12.6 in the following example:

 


Example (Mac OSX 10.12.6):

 

    1. Double-click on the download file Fermilab_Root_CA.cer. It should copy it in the login keychain under the category Certificates.


      Download certificate

    2. Copy the new CA certificate in the System keychain.

      Copy certificate


    3. Enable trust: “When using this certificate Always Trust”.





 


See Also:

Fermilab CA certificates – what they are and why you need them

How to install Fermilab CA certificates on mobile devices iOS & Android

How to install Fermilab CA certificates on Linux