Deploying SSL Certificates to Multiple Windows Devices

You may choose to install a certificate manually, as per this article:

• For testing purposes on an individual client
• If your network has a small number of devices that need SWI Filtering
• If your network does not have any method of deploying a certificate

If your network has a number of Windows devices, you may prefer to deploy the certificates via Group Policy (if you have an Active Directory server) or using a script.

‍

Considerations

When installing certificates manually onto devices which run Microsoft Windows, some additional steps are required to maintain maximum security, this involves installing the certificate into the correct location and certificate store during the certificate installation wizard. There are two options to choose from.

‍

‍

Installing an SSL Certificate (as a Trusted Root Certification Authority)

1. Download the certificate file by clicking on the 'Download N4L SSL Certificate' button above.
2. Right-click on the certificate file, and choose Open. You may see a Security Warning window. If so, choose Open.

Figure 1: The Security Warning dialog - choose Open to continue

3. The Certificate window will appear. Click Install Certificate...

Figure 2: The certificate window. This shows details about the certificate

4. Choose a Store Location (see Considerations) and click Next

Figure 3: Choosing a certificate store

5. On the next screen, click Browse. Choose the Trusted Root Certification Authorities store. Click OK.

Figure 4: Click Browse to bring up the Select Certificate Store window

6. Click Finish.

Figure 5: Click Finish to complete the certificate installation process

When To Perform These Steps

Installing an SSL certificate is usually required after configuring SWI Filtering for the first time, or when the certificate has expired or been re-issued.
If you are installing certificates manually on all of your Windows devices, these steps will need to be performed on each new device that is to be subject to SWI Filtering.

‍

Deploying SSL Certificates to Multiple Apple OS X Devices

You may choose to install a certificate manually, as per this article:

• For testing purposes on an individual client
• If your network has a small number of devices that need SWI Filtering
• If your network does not have any method of deploying a certificate

If your network has a number of Apple OS X devices, you may prefer to deploy the certificates via Profile Manager.

‍

Considerations

When installing certificates manually onto devices which run Apple OS X, some additional steps are required to maintain maximum security. This involves installing the certificate into the correct keychain. There are three options to choose from.

‍

This guide assumes you have chosen the System keychain, but the steps should be very similar for the login keychain.

Installing an SSL Certificate (as a Trusted Root Certification Authority)

1. Download the certificate file by clicking on the 'Download N4L SSL Certificate' button above.
2. Click on the certificate file in your browser, or Double-click the certificate file in Finder.
3. The Add Certificate window will appear. Click Install Certificate...

4. Choose a Keychain (see Considerations) and click Add.

5. You will be asked to verify your Password to modify the Keychain. Enter your password and click Modify Keychain.

The Certificate is added to the Keychain.

Ensure you can see the certificate in the list.

6. In Keychains, click System then, in Category click Certificates

The System - Certificates are listed.

Trusting the Certificate

1. Double Click on the Certificate to trust.

The Certificate Detail window will be displayed.

2. Click on >Trust

The Trust section expands.

3. Click on the When using this certificate: drop down list, and choose Always Trust

All of the Drop-Downs will change to Always Trust.

4. Click on the Exit button (Red, top left corner of window).

You will be asked for your password to verify the change.

5. Enter your password and Click the Update Settings button.

In the Certificate list, the Certificate should now show that it is trusted.

6. Close Keychain Access.

When To Perform These Steps

Installing an SSL certificate is usually required after configuring SWI Filtering for the first time, or when the certificate has expired or been re-issued.
If you are installing certificates manually on all of your Apple OS X devices, these steps will need to be performed on each new device that is to be subject to SWI Filtering.

‍

Is this the only way to install an SSL certificate on an iOS device?

You may choose to install a certificate manually, as per this article:

• For testing purposes on an individual client
• If your network has a small number of iOS devices that need SWI Filtering
• If your iOS devices are not managed using an MDM solution, or Apple Configurator 2

If your network has a number of iOS devices, you may prefer to deploy the certificate via your school's MDM (Mobile Device Management) solution, or Apple Configurator 2

‍

Installing an SSL Certificate (as a Trusted Root Certification Authority)

1. On the iOS device, open 'cert.n4l.co.nz' in the Safari browser.
2. Tap on the 'Download N4L SSL Certificate' button above.

The device will show a message: "This website is trying to open Settings to how you a configuration profile. Do you want to allow this?"

3. Tap Allow.

The Install Profile screen will be displayed.

4. In the top right corner, tap Install.
5. If the iOS device has a passcode set, the device will prompt you to enter it. Enter the passcode.

6. A certificate warning will be displayed. Tap Install. If a second prompt is displayed, tap Install again.

‍

7. The Profile Installed screen is displayed. Tap Done.

Trusting the Certificate

Before the certificate can be used as intended, it must be trusted by the device.

1. On the device, go to Settings > General > About > Certificate Trust Settings.

The installed Root Certificates will be displayed in a section entitled "Enable Full Trust for Root Certificates."

There is a slide button next to each certificate.

2. Tap the slide button next to the certificate you just installed.

A confirmation dialogue will be displayed.

3. Tap Continue.

When do I need to perform these steps?

Installing an SSL certificate is usually required after configuring SWI Filtering for the first time, or when the certificate has expired or been re-issued.
If you are installing certificates manually on all of your iOS devices, these steps will need to be performed on each new device that is to be subject to SWI Filtering.

‍

Is this the only way to install an SSL certificate on a Chromebook?

You may choose to install a certificate manually, as per this article:

• For testing purposes on an individual client
• If your Chromebooks are only used by one user
• If your network has a small number of Chromebook devices that need SWI Filtering
• If your Chromebooks are not managed

If your network has a number of Chromebook devices, you may prefer to deploy the certificates via the Device Management section of Google Admin (if your school uses Google G Suite for Education)

‍

Important Note

On a Chromebook, SSL Certificates are applied at the User level.
This means that the certificate will need to be reinstalled for each user, if more than one user uses the device.

Installing an SSL Certificate (as a Trusted Root Certification Authority)

1. Download the certificate file by clicking on the 'Download N4L SSL Certificate' button above.
2. If you did not download the certificate file onto the Chromebook on which you are installing it, you must transfer the certificate file to that Chromebook (e.g. via USB drive or Google Drive)
3. In the Chrome Browser of the device you are installing the certificate on, navigate to chrome://settings
4. Scroll down to HTTP/SSL settings and Click Manage certificates.

4. The Certificate Manager window will be displayed. Click Authorities.
5. Below the list of the current Certificate Authorities, Click the Import button.

6. Locate the certificate you downloaded earlier, and click Open.

7. In the Certificate authority window that appears, tick Trust this certificate for identifying websites and Trust this certificate for identifying email users.
8. Click OK.

9. You should now be able to see the certificate in the list of Authorities.

10. Optionally, click View to see details of the filtering certificate.

When do I need to perform these steps?

Installing an SSL certificate is usually required after configuring SWI Filtering for the first time, or when the certificate has expired or been re-issued.
If you are installing certificates manually on all of your Chromebook devices, these steps will need to be performed on each new device that is to be subject to SWI Filtering.

‍

Deploying SSL Certificates to Multiple Android Devices

You may choose to install a certificate manually, as per this article:

• For testing purposes on an individual client
• If your network has a small number of Android devices that need SWI Filtering
• If your Android devices are not managed using an MDM solution

If your network has a number of Android devices, you may prefer to deploy the certificate via your school's MDM (Mobile Device Management) solution.

‍

Installing an SSL Certificate (as a Trusted Root Certification Authority)

1. Download the certificate file by clicking on the 'Download N4L SSL Certificate' button above.
2. If you did not download the certificate file on the Android device that you are installing it on, you must transfer the certificate file to that device (e.g. via transfer cable or email)

This article shows assumes you are transferring the certificate to the device via email.

3. Open the email containing the certificate, and tap the attached certificate.
4. If the device has a pin code or pattern set, the device will prompt you to enter it. Enter the Pin Code or Pattern.

5. The Name the certificate pop up will be displayed.

6. Enter a name for the certificate. Tap OK.

Optional: Check that the Certificate is Trusted

To ensure that the installed certificate is Trusted, perform the following steps.
The exact location of the Trusted Credentials menu will depend on the version of Android the device is running.

1. Open the Settings App on the device.
2. Go to Security > Trusted Credentials, and tap the User tab

3. If the certificate is present in the list of User certificates, then the certificate installed correctly.

When to Perform These Steps

Installing an SSL certificate is usually required after configuring SWI Filtering for the first time, or when the certificate has expired or been re-issued.
If you are installing certificates manually on all of your Android devices, these steps will need to be performed on each new device that is to be subject to SWI Filtering.

‍