PKI

SSL / Certificate Authority (CASA)

root_ca.crt

intermediate_ca.crt

Instructions

Chrome
  1. Go to chrome://certificate-manager/localcerts/usercerts
    • Click the three dots in the upper right corner.
    • Open Settings
    • In the left-hand menu click Privacy and security
    • Click on Security, scroll down to "Advanced" and click on Manage certificates
  2. Under Custom click on Installed by you and Import a certificate (root_ca.crt) to your "Trusted Certificates"
Windows

  1. Open the Microsoft Management Console (MMC):

    • Press Windows key + R to open the Run dialog.

    • Type mmc and press Enter.

    • If prompted by User Account Control (UAC), click Yes.

  2. Add the Certificates Snap-in:

    • In the MMC window, go to File > Add/Remove Snap-in....

    • In the "Add or Remove Snap-ins" window, select Certificates from the "Available snap-ins" list on the left and click Add >.

  3. Choose "Computer account":

    • When prompted, select Computer account and click Next.

    • Select Local computer (the computer this console is running on) and click Finish.

  4. Confirm Snap-in Addition:

    • Click OK in the "Add or Remove Snap-ins" window to return to the MMC console.

  5. Navigate to Trusted Root Certification Authorities:

    • In the left pane of the MMC, expand Certificates (Local Computer).

    • Expand Trusted Root Certification Authorities.

    • Right-click on the Certificates folder underneath "Trusted Root Certification Authorities".

  6. Start the Import Wizard:

    • Hover over All Tasks and select Import.... This will open the Certificate Import Wizard.

  7. Follow the Wizard Prompts:

    • Click Next on the Welcome page.

    • Click Browse... and navigate to the location where you saved your custom CA root certificate file (it's usually a .cer, .crt, or .pem file). Select the file and click Open.

    • Click Next.

    • On the "Certificate Store" page, ensure that "Place all certificates in the following store" is selected and that the "Certificate store" field shows Trusted Root Certification Authorities. This is crucial. Click Next.

    • Click Finish.

  8. Confirmation:

    • You should see a message stating "The import was successful." Click OK.

Linux
  1. Create a folder for your CA
    sudo mkdir /usr/local/share/ca-certificates/casa_ca
  2. Copy certificate file
    sudo cp root_ca.crt /usr/local/share/ca-certificates/casa_ca/
  3. Update CA certificate store
    sudo update-ca-certificates
Android

  1. Open Android Settings:

    • Go to your device's Settings app.

  2. Navigate to Security/Credentials:

    • The exact path can vary slightly between Android versions and device manufacturers (e.g., Samsung, Pixel, OnePlus), but it's usually under a security-related section. Look for something like:

      • Security & privacy > More security settings > Encryption & credentials

      • Security > Encryption & credentials

      • Security > Install from storage

      • Biometrics and security > Other security settings > Install from device storage

  3. Initiate Certificate Installation:

    • Look for an option like Install a certificate, Install from storage, or Install from device storage.

    • You might be prompted to choose the type: Select CA certificate or VPN & app user certificate (depending on the exact wording and your Android version).

    • Important: Some Android versions (especially Android 11+) might show a warning like "CA certificates can put your privacy at risk and must be installed in Settings." This is normal; proceed if you trust the CA. You might need to confirm "Install anyway" or similar.

  4. Select the Certificate File:

    • A file browser will open. Navigate to where you saved the .crt, .pem, or .cer file (e.g., Downloads).

    • Tap on the certificate file to select it.

  5. Provide Certificate Details:

    • You'll be asked to give the certificate a name (alias) – choose something descriptive so you can identify it later (e.g., "MyCompany CA").

    • You might be asked for the "Credential use." For a root CA that validates websites, select VPN and apps.

  6. Set a Screen Lock (if prompted):

    • If you don't already have a screen lock set (PIN, pattern, or password), Android will likely require you to set one at this point. This is a security measure to protect the installed credentials.

  7. Confirm Installation:

    • Tap OK or Done to complete the installation.