This site requires JavaScript to be enabled

Fermilab CA certificates - How to install certificates on a non-Fermi managed Mac

189 views

4.0 - Updated on 2023-03-07 by Quinton Healy

3.0 - Updated on 2021-02-16 by Carlos Salazar (Inactive)

2.0 - Updated on 2020-11-03 by Fang Wang

1.0 - Authored on 2018-11-26 by Marcia Teckenbrock

Fermilab CA certificates - How to install certificates on a non-Fermi managed Mac

 

Intended for:

Users of non-Fermi owned/managed Macs who use applications, such as VPN, that requires Fermilab CA certificates.

 


Scenario/Use case:

Users may need to use an application, such as Cisco VPN, which requires Fermilab CA certificates on their non-Fermi owned and managed Mac.  The following steps describe where to download the certificates, which certificates to download, and how to install the certificates.

 


Instructions:

You will need to install two certificates: Fermilab Root CA certificate and FERMI CA certificate (also known as the FERMI Sub CA 01 certificate).

Step 1: Installing the Fermilab Root CA certificate

  1. In your browser, go to https://authentication.fnal.gov/certs.
  2. Under FERMI Certificate Authority section, locate the line for "Root CA" and click DER link to download the certificate.
  3. In your Mac Downloads folder, double-click the file Fermilab_Root_CA.cer. The new certificate should be copied in the login keychain under the Certificates category.
  4. Copy the root certificate in the System keychain (required to make CA certificate trusted by all system processes and all users).
  5. In the keychain tool, click Fermilab Root Certificate in the login keychain and then right-click and select "Copy" Fermilab Root CA.
  6. Go to the System keychain and paste the new certificate.
  7. Right-click on the certificate and select the "Get Info" to open the window with the certificate details.
  8. Extend Trust and select Always Trust in the "When using this certificate" section.

Step 2: Installing the FERMI CA certificate

  1. In your browser, go to https://authentication.fnal.gov/certs.
  2. Under FERMI Certificate Authority section, locate the line for "FERMI CA certificate" and click DER link to download the certificate.
  3. In your Mac Downloads folder, double-click the file FERMI_Sub_CA_01.cer. The new certificate should be copied in the login keychain under the Certificates category.
  4. Copy the FERMI CA certificate in the System keychain (required to make CA certificate trusted by all system processes and all users).
  5. In the keychain tool, click FERMI Sub CA 01 in the login keychain, then right-click and select "Copy" FERMI Sub CA 01.
  6. Go to the System keychain and paste the new certificate.
  7. Right-click on the certificate and select "Get Info" to open the window with the certificate details.
  8. Extend Trust and select Always Trust in the "When using this certificate" section.

Your certificates should now be installed.  

 


See Also: