SSL Certificates: Difference between revisions

From Supporting Role Wiki
Jump to navigationJump to search
 
(One intermediate revision by the same user not shown)
Line 27: Line 27:
#:Before trusting this CA for any purpose, you should examine its certificate and its policy and procedures (if available).</pre>
#:Before trusting this CA for any purpose, you should examine its certificate and its policy and procedures (if available).</pre>
#Tick at least the first box ('Trust this CA to identify web sites.') and click '''OK'''
#Tick at least the first box ('Trust this CA to identify web sites.') and click '''OK'''

===Chrome===
#Go to the FABIT Certificate website: http://www.uk.forgetaboutit.net/certs/
#Click '''fabit-ca-cert.crt'''. It will be downloaded to your Downloads directory.
#Go to the '''Settings'' menu (top right, will open a new page).
#Click on '''Advanced''', at the bottom.
#Scroll down to '''HTTPS/SSL''' and click on '''Manage Certificates'''
#Click on the '''Authorities''' tab, and then click on '''Import'''
#Go to your Downloads folder and select '''fabit-ca-cert.crt''', and click '''Open'''.
#You'll get:
#:<pre>Do you want to trust "Certificate Authority" as a Certification Authority?
#:Edit trust settings:
#: [ ] Trust this Certificate for identifying websites.
#: [ ] Trust this Certificate for identifying email users.
#: [ ] Trust this Certificate for identifying software makers.</pre>
#Tick at least the first box ('Trust this Certificate for identifying websites') and click '''OK'''.
#Click '''Finished'''


=== Opera ===
=== Opera ===
Line 85: Line 102:
#The iPhone/iPad will prompt you to enter your lock code, and return you the same screen, but without the Install button.
#The iPhone/iPad will prompt you to enter your lock code, and return you the same screen, but without the Install button.
#Click on '''Done'''.
#Click on '''Done'''.

Once this is done, it appears that it isn't always enabled by default, so go to '''Settings -> General -> About -> Certificate Trust Settings''' and make sure it is enabled.

Latest revision as of 15:50, 11 September 2017

An SSL certificate is half of a pair of certificates needed for an encrypted session. Forget About IT® has it's own master certificate, otherwise known as a root certificate. This allows us to issue certificates for all of our clients at no cost.

Without installing the root certificate on your computer or mobile device, you will get a warning that we are not to be trusted. This is because we have yet to persuade Microsoft, Apple et al to release their software with our root certificate pre-installed. Maybe one day :-).

All that is needed to avoid the warnings, is for the root certificate to be installed on any device that needs to access a Forget About IT® server. The root certificate can be found here. Different browsers require different techniques:

Browsers

Internet Explorer 7+

  1. Go to the Root Certificate location: http://www.uk.forgetaboutit.net/certs/
  2. Click on fabit-ca-cert.crt and open the certificate
  3. Click on the Install button to launch the wizard, then on Next.
  4. Select Place all certificates in the following store and browse to Trusted Root Certification Authorities.
  5. Click on OK and then Next
  6. Click on Finish and then acknowledge the security warning.
  7. Acknowledge the completed message box, and then click OK to close the certificate window.
Note: This procedure only adds the FABIT root certificates to the current user.

Mozilla Firefox

  1. Go to the Root Certificate location: http://www.uk.forgetaboutit.net/certs/
  2. Click on fabit-ca-cert.crt
  3. You'll get: 
    You have been asked to trust a new Certificate Authority (CA).
    Do you want to trust "CA Cert Signing Authority" for the following purposes?
    [ ] Trust this CA to identify web sites.
    [ ] Trust this CA to identify email users.
    [ ] Trust this CA to identify software developers.
    Before trusting this CA for any purpose, you should examine its certificate and its policy and procedures (if available).
  4. Tick at least the first box ('Trust this CA to identify web sites.') and click OK

Chrome

  1. Go to the FABIT Certificate website: http://www.uk.forgetaboutit.net/certs/
  2. Click fabit-ca-cert.crt. It will be downloaded to your Downloads directory.
  3. Go to the 'Settings menu (top right, will open a new page).
  4. Click on Advanced, at the bottom.
  5. Scroll down to HTTPS/SSL and click on Manage Certificates
  6. Click on the Authorities tab, and then click on Import
  7. Go to your Downloads folder and select fabit-ca-cert.crt, and click Open.
  8. You'll get: 
    Do you want to trust "Certificate Authority" as a Certification Authority?
    Edit trust settings:
    [ ] Trust this Certificate for identifying websites.
    [ ] Trust this Certificate for identifying email users.
    [ ] Trust this Certificate for identifying software makers.
  9. Tick at least the first box ('Trust this Certificate for identifying websites') and click OK.
  10. Click Finished

Opera

  1. Go to the FABIT Certificate website: http://www.uk.forgetaboutit.net/certs/
  2. Click fabit-ca-cert.crt. It will be downloaded to your Downloads directory.
  3. Double click on the fabit-ca-cert.crt file. The Keychain Access application will be launched
  4. Select 'X509Anchors' from the 'Keychain' dropdownlist and press OK.
  5. You will be asked to authenticate yourself. After that, the certificate will be installed system-wide.

Safari

  1. Go to the FABIT Certificate website: http://www.uk.forgetaboutit.net/certs/
  2. Click fabit-ca-cert.crt. It will be downloaded to your desktop.
  3. Double-click the file to launch the Keychain Access application, and click on Always Trust.
  4. You will be asked to authenticate yourself. After that, the certificate will be installed system-wide.

Email Clients

Mozilla Thunderbird

  1. Download the FABIT root certificate from http://www.uk.forgetaboutit.net/certs/ and save it to a convenient location.
  2. Open Thunderbird
  3. Depending on the version of Thunderbird
    • For older versions of Thunderbird open: Preferences->Privacy->Security->View Certificates->CA
    • For Thunderbird V2.+ open: Tools->Options->Encryption->View Certificates->Authorities
  4. Select "Import Certificate" or "Import..."
  5. You'll get: 
    You have been asked to trust a new Certificate Authority (CA).
    Do you want to trust "CA Cert Signing Authority" for the following purposes?
    [ ] Trust this CA to identify web sites.
    [ ] Trust this CA to identify email users.
    [ ] Trust this CA to identify software developers.
    Before trusting this CA for any purpose, you should examine its certificate and its policy and procedures (if available).
  6. Tick at least the second box ('Trust this CA to identify email users.') and click OK.

Outlook

Install the certificate into Internet Explorer and Outlook should be able to use it.

Outlook Express

Install the certificate into Internet Explorer and Outlook should be able to use it.

Microsoft Mail

Install the certificate into Internet Explorer and Outlook should be able to use it.

Mac Mail

Entourage

Mobile Devices

Windows Mobile 6

You first need to copy the certificate file to the device using Internet Explorer. Windows Mobile 6 supports DER, CER and PEM formats, but we recommend using CER. Start File Explorer and then simply tap the filename. The device should then say "Certificate successfully imported" or words to that effect.

Windows Mobile 5 & Pocket PC 2003

On Pocket PC 2003 and Windows Mobile 5.0 the file has to be in DER format. Otherwise, process as above.

Blackberry

  1. navigate to http://www.uk.forgetaboutit.net/certs
  2. Click/touch the fabit-ca-cert.crt file
  3. Add the certificate to the Certificate Store.

iPhone / iPad

  1. Using Safari, navigate to http://www.uk.forgetaboutit.net/certs
  2. Click/touch the fabit-ca-cert.crt file
  3. Safari will prompt you to install the certificate.
  4. The iPhone/iPad will prompt you to enter your lock code, and return you the same screen, but without the Install button.
  5. Click on Done.
Once this is done, it appears that it isn't always enabled by default, so go to Settings -> General -> About -> Certificate Trust Settings and make sure it is enabled.
Retrieved from "https://wiki.supporting-role.co.uk//index.php?title=SSL_Certificates&oldid=679"