Examples of how to install the Fermilab Root CA certificate on mobile devices

Intended for:

Those who need in install a Fermilab Root CA certificate on their mobile device.

NOTE: These examples only cover several devices and are intended as guidance. The steps for your device may vary.

Scenario/Use case:

Install the Fermilab Root CA certificate on your mobile device to use VPN or certain other applications. The examples include:

Example 1: Samsung Galaxy S6 G920A, Android 7.0
Example 2: IPhone iOS 12.1
Example 3: IPad ML0F2LL/A, iOS 11.4.1
Example 4: Tablet with Android 8.1.0 using a ZIP archive with all Fermilab CA certificates

Examples:

Example 1: Samsung Galaxy S6 G920A, Android 7.0

1. Point your browser at https://authentication.fnal.gov/certs/Fermilab_Root_CA.cer. The certificate should start downloading automatically. When complete, you should see a pop-up window prompting you to type your identity verification PIN.
   
   
2. Provide a name for the new certificate. Click OK.
   
   
   
   
3. To verify the certificate is installed, go to Settings > Lock Screen and Security > Other security settings > View security certificates. The new certificate should be under the “User” tab:
   
   
   
   

Example 2: IPhone iOS 12.1

1. Open the Safari app and go to https://authentication.fnal.gov/certs. Under the “FERMI Certificate Authority” section, for Root CA, click to download either the PEM or DER file.
   
   
   
   
2. Click Allow.
   
   
   
   
3. Click Install to install the certificate:
   
   
   
   
4. Enter your passcode. Click Install to install the Fermilab Root CA certificate.
   
   
   
5. Click Install.
   
   
   
   
6. Once installed you should see a green Verified check mark indicating that the certificate has been installed.
   
   
   
   
7. To enable the certificate, go to Settings > General > About > Certificate Trust Settings. Move the slider to enable the Fermilab Root CA.
   
   
   
   
8. Select Continue.
   
   
   

Example 3: IPad ML0F2LL/A, iOS 11.4.1

1. Open https://authentication.fnal.gov/certs/Fermilab_Root_CA.cer.
2. On the install profile screen select Install.
   
   
   
   
   
   
   
   
3. Make the new Fermilab Root CA certificate trusted. Navigate to Settings > General > About > Certificate Trust Settings and enable trust for Fermilab Root CA.
   
   
   
   

Example 4: Tablet with Android 8.1.0 using a ZIP archive with all Fermilab CA certificates

1. Open the Chrome app and go https://authentication.fnal.gov/certs. Under the “FERMI Certificate Authority” section, for Root CA, click to download either the PEM or DER file.
   
   
   
   
2. Open the Files app (or equivalent) and navigate to the “Downloads” folder. Look for the zip file you just downloaded and tap to open it. Inside, there will be three certificates. You only need the Root CA certificate:
   
   
   
   
   
   
3. Look for the file Fermilab Root CA.cer and long tap to highlight it. Tap the “three dots” menu and select Extract to…
   
   
   
4. The default folder for the Files app is “Documents.” Click Extract.
   
   
   
   Check to see that the .cer file was extracted.
   
   
5. 1. Open the Settings app and go to Security & location.
      
      
      
      
   2. Then Encryption & credentials.
      
      
      
      
   3. Then Install from storage:
      
      
      
      
6. The Files app will open. Navigate to the “Documents” folder and tap the .cer file to open it.
   
   
   
   
7. You’ll be prompted to name the certificate. You can use any name, but make sure “Credential use” is set to “VPN and apps.” This should be the default. Click OK.
   
   
   
   
8. You’ll return to the Settings screen with the message “Fermi Root CA is installed”. To double check, tap Trusted Credentials, then under the the User tab, you should see Fermilab Root CA listed.
   
   
   
   
9. DONE!