Step 1. Download the N4L SSL Certificate

Click the button below to download the N4L Certificate onto your device.

Step 2. Install the N4L SSL Certificate

Click on your device type below and then follow the step by step instructions to successfully install the N4L SSL Certificate onto your device.

Windows Device Installation Instructions

Deploying SSL Certificates to Multiple Windows Devices

You may choose to install a certificate manually, as per this article:

  • For testing purposes on an individual client
  • If your network has a small number of devices that need SWI Filtering
  • If your network does not have any method of deploying a certificate

If your network has a number of Windows devices, you may prefer to deploy the certificates via Group Policy (if you have an Active Directory server) or using a script.

Considerations

When installing certificates manually onto devices which run Microsoft Windows, some additional steps are required to maintain maximum security, this involves installing the certificate into the correct location and certificate store during the certificate installation wizard. There are two options to choose from.

Installing an SSL Certificate (as a Trusted Root Certification Authority)
  1. Download the certificate file by clicking on the 'Download N4L SSL Certificate' button above.
  2. Right-click on the certificate file, and choose Open. You may see a Security Warning window. If so, choose Open.

Figure 1: The Security Warning dialog - choose Open to continue

  1. The Certificate window will appear. Click Install Certificate...
User-added image
Figure 2: The certificate window. This shows details about the certificate
  1. Choose a Store Location (see Considerations) and click Next
User-added image
Figure 3: Choosing a certificate store
  1. On the next screen, click Browse. Choose the Trusted Root Certification Authorities store. Click OK.
User-added image
Figure 4: Click Browse to bring up the Select Certificate Store window
  1. Click Finish.
User-added image

Figure 5: Click Finish to complete the certificate installation process

When To Perform These Steps

Installing an SSL certificate is usually required after configuring SWI Filtering for the first time, or when the certificate has expired or been re-issued.
If you are installing certificates manually on all of your Windows devices, these steps will need to be performed on each new device that is to be subject to SWI Filtering.

Apple Mac OS X Device Installation Instructions

Deploying SSL Certificates to Multiple Apple OS X Devices

You may choose to install a certificate manually, as per this article:

  • For testing purposes on an individual client
  • If your network has a small number of devices that need SWI Filtering
  • If your network does not have any method of deploying a certificate

If your network has a number of Apple OS X devices, you may prefer to deploy the certificates via Profile Manager.

Considerations

When installing certificates manually onto devices which run Apple OS X, some additional steps are required to maintain maximum security. This involves installing the certificate into the correct keychain. There are three options to choose from.


This guide assumes you have chosen the System keychain, but the steps should be very similar for the login keychain.

Installing an SSL Certificate (as a Trusted Root Certification Authority)
  1. Download the certificate file by clicking on the 'Download N4L SSL Certificate' button above.
  2. Click on the certificate file in your browser, or Double-click the certificate file in Finder.
  3. The Add Certificate window will appear. Click Install Certificate...
User-added image
Figure 1: The Add Certificates window - choose the Keychain in which to store the certificate
  1. Choose a Keychain (see Considerations) and click Add.
User-added image
Figure 2: The System Keychain selected
  1. You will be asked to verify your Password to modify the Keychain. Enter your password and click Modify Keychain.
User-added image
Figure 3: The Keychain Access verification window

The Certificate is added to the Keychain.

Ensure you can see the certificate in the list.

  1. In Keychains, click System then, in Category click Certificates

The System - Certificates are listed.

User-added image
Figure 4: The Keychain Access - System - Certicates list
Trusting the Certificate
  1. Double Click on the Certificate to trust.
User-added image
Figure 5: The Keychain Access - System - Certicates list

The Certificate Detail window will be displayed.

  1. Click on >Trust
User-added image
Figure 6: The Certificate Detail window

The Trust section expands.

  1. Click on the When using this certificate: drop down list, and choose Always Trust
User-added image
User-added image
Figures 7 & 8: The Trust section and Drop-Down

All of the Drop-Downs will change to Always Trust.

  1. Click on the Exit button (Red, top left corner of window).
User-added image
Figure 9: Everything marked as trusted

You will be asked for your password to verify the change.

  1. Enter your password and Click the Update Settings button.
User-added image
Figure 10: Confirm with your password

In the Certificate list, the Certificate should now show that it is trusted.

User-added image
Figure 11: The Certificate List
  1. Close Keychain Access.
When To Perform These Steps

Installing an SSL certificate is usually required after configuring SWI Filtering for the first time, or when the certificate has expired or been re-issued.
If you are installing certificates manually on all of your Apple OS X devices, these steps will need to be performed on each new device that is to be subject to SWI Filtering.

iOS Device Installation Instructions

Is this the only way to install an SSL certificate on an iOS device?

You may choose to install a certificate manually, as per this article:

  • For testing purposes on an individual client
  • If your network has a small number of iOS devices that need SWI Filtering
  • If your iOS devices are not managed using an MDM solution, or Apple Configurator 2

If your network has a number of iOS devices, you may prefer to deploy the certificate via your school's MDM (Mobile Device Management) solution, or Apple Configurator 2

Installing an SSL Certificate (as a Trusted Root Certification Authority)
  1. On the iOS device, open 'cert.n4l.co.nz' in the Safari browser.
  2. Tap on the 'Download N4L SSL Certificate' button above.

The device will show a message: "This website is trying to open Settings to how you a configuration profile. Do you want to allow this?"

  1. Tap Allow.

The Install Profile screen will be displayed.

User-added image
Figure 1: The Install Profile screen
  1. In the top right corner, tap Install.
  2. If the iOS device has a passcode set, the device will prompt you to enter it. Enter the passcode.
User-added image
Figure 2: The passcode entry screen
  1. A certificate warning will be displayed. Tap Install. If a second prompt is displayed, tap Install again.
User-added image
Figure 3: The Certificate Warning screen

User-added image
Figure 4: The second install prompt.
  1. The Profile Installed screen is displayed. Tap Done.
User-added image
Figure 5: Tap done to complete the process
Trusting the Certificate

Before the certificate can be used as intended, it must be trusted by the device.

  1. On the device, go to Settings > General > About > Certificate Trust Settings.

The installed Root Certificates will be displayed in a section entitled "Enable Full Trust for Root Certificates."

There is a slide button next to each certificate.

User-added image
Figure 6: The Certificate Trust Settings page in Settings
  1. Tap the slide button next to the certificate you just installed.

A confirmation dialogue will be displayed.

  1. Tap Continue.
User-added image
Figure 7: The confirmation dialogue
When do I need to perform these steps?

Installing an SSL certificate is usually required after configuring SWI Filtering for the first time, or when the certificate has expired or been re-issued.
If you are installing certificates manually on all of your iOS devices, these steps will need to be performed on each new device that is to be subject to SWI Filtering.

Chromebook Installation Instructions

Is this the only way to install an SSL certificate on a Chromebook?

You may choose to install a certificate manually, as per this article:

  • For testing purposes on an individual client
  • If your Chromebooks are only used by one user
  • If your network has a small number of Chromebook devices that need SWI Filtering
  • If your Chromebooks are not managed

If your network has a number of Chromebook devices, you may prefer to deploy the certificates via the Device Management section of Google Admin (if your school uses Google G Suite for Education)

Important Note

On a Chromebook, SSL Certificates are applied at the User level.
This means that the certificate will need to be reinstalled for each user, if more than one user uses the device.

Installing an SSL Certificate (as a Trusted Root Certification Authority)
  1. Download the certificate file by clicking on the 'Download N4L SSL Certificate' button above.
  2. If you did not download the certificate file onto the Chromebook on which you are installing it, you must transfer the certificate file to that Chromebook (e.g. via USB drive or Google Drive)
  3. In the Chrome Browser of the device you are installing the certificate on, navigate to chrome://settings
  4. Scroll down to HTTP/SSL settings and Click Manage certificates.
User-added image
Figure 1: The Chrome Settings Page
  1. The Certificate Manager window will be displayed. Click Authorities.
  2. Below the list of the current Certificate Authorities, Click the Import button.
User-added image
Figure 2: The Certificate Authorities list
  1. Locate the certificate you downloaded earlier, and click Open.
User-added image
Figure 3: Selecting the Certificate file from the Downloads window
  1. In the Certificate authority window that appears, tick Trust this certificate for identifying websites and Trust this certificate for identifying email users.
  2. Click OK.
User-added image
Figure 4: Trusting the certificate
  1. You should now be able to see the certificate in the list of Authorities.
User-added image
Figure 5: The certificate appears in the list
  1. Optionally, click View to see details of the filtering certificate.
User-added image
Figure 6: The details view of the Trusted Root Authority Certificate (in Google Chrome)
When do I need to perform these steps?

Installing an SSL certificate is usually required after configuring SWI Filtering for the first time, or when the certificate has expired or been re-issued.
If you are installing certificates manually on all of your Chromebook devices, these steps will need to be performed on each new device that is to be subject to SWI Filtering.

Android Device Installation Instructions

Deploying SSL Certificates to Multiple Android Devices

You may choose to install a certificate manually, as per this article:

  • For testing purposes on an individual client
  • If your network has a small number of Android devices that need SWI Filtering
  • If your Android devices are not managed using an MDM solution

If your network has a number of Android devices, you may prefer to deploy the certificate via your school's MDM (Mobile Device Management) solution.

Installing an SSL Certificate (as a Trusted Root Certification Authority)
  1. Download the certificate file by clicking on the 'Download N4L SSL Certificate' button above.
  2. If you did not download the certificate file on the Android device that you are installing it on, you must transfer the certificate file to that device (e.g. via transfer cable or email)

This article shows assumes you are transferring the certificate to the device via email.

  1. Open the email containing the certificate, and tap the attached certificate.
  2. If the device has a pin code or pattern set, the device will prompt you to enter it. Enter the Pin Code or Pattern.
User-added image
Figure 1: The pattern entry screen
  1. The Name the certificate pop up will be displayed.
User-added image
Figure 2: The 'Name the certificate' pop up
  1. Enter a name for the certificate. Tap OK.
User-added image
Figure 3: Enter a name and tap OK (bottom right)
Optional: Check that the Certificate is Trusted

To ensure that the installed certificate is Trusted, perform the following steps.
The exact location of the Trusted Credentials menu will depend on the version of Android the device is running.

  1. Open the Settings App on the device.
  2. Go to Security > Trusted Credentials, and tap the User tab
User-added image
User-added image
Figures 4 & 5: How to find Trusted credentials in the Settings menu
  1. If the certificate is present in the list of User certificates, then the certificate installed correctly.
User-added image
Figure 6: The User certificate is trusted
When to Perform These Steps

Installing an SSL certificate is usually required after configuring SWI Filtering for the first time, or when the certificate has expired or been re-issued.
If you are installing certificates manually on all of your Android devices, these steps will need to be performed on each new device that is to be subject to SWI Filtering.