Skip to main content

๐Ÿ“ƒ Import certificates to your browser

You must import two certificates to your favorite browserโ€™s certificate store if you want to log in to the console and avoid the security warnings when you visit it.

tip

The Windows installer should add these certificates for you but if you need to import them, here's how you can do it.

warning

The folder where the certificates are located require administrator privileges to get access to them.

In Linux machines you can use this commands to create a copy of the required certificates to the /tmp folder that you can use to import the certificates

sudo cp /etc/openuem-server/certificates/ca/ca.cer /tmp
sudo cp /etc/openuem-server/certificates/users/admin.pfx /tmp
sudo chmod 666 /tmp/ca.cer
sudo chmod 666 /tmp/admin.pfx

1. The Certificate Authority (ca.cer):โ€‹

The Certificate Authority (CA) certificate file should be in the following locations:

  • Docker: certificates/ca/ca.cer in the docker compose folder
  • Linux: /etc/openuem-server/certificates/ca/ca.cer
  • Windows: C:\Program Files\OpenUEM Server\certificates\ca\ca.cer

You must import the certificate according to your browserโ€™s settings

1.1 Chrome/Chromium/Braveโ€‹

  1. Go to Settings -> Privacy and Security. Scroll and click on the Security section. Scroll to Manage Certificates and click on it.
  2. Go to Local certificates and find the Custom section. Click on Installed by you.
  3. Next to Trusted certificates click on Import and select the location for the certificate.

1.2 Edgeโ€‹

  1. Go to Settings -> Privacy, search, and services. Scroll to Security and click on Manage certificates.
  2. Go to Local certificates and click on Manage imported certificates from Windows.
  3. In the new window, click on the Trusted Root Certification Authorities tab and then click on Import and select the location for the certificate.
warning

In Windows, a warning will be shown when the Certificate Authority is imported. That warning is expected as you must confirm that you want to trust the certificates generated by this custom certificate authority.

1.3 Firefoxโ€‹

  1. Go to Settings -> Privacy and Security. Find the Security section and in Certificates click on View Certificates.
  2. Import the CA certificate in the Authorities tab by selecting the location of the ca.cer file.
  3. Check "Trust this CA to identify websites" so that the CA can be used to validate web servers.

2. The administrator certificate:โ€‹

The file should be in the following locations:

  • Docker: certificates/users/admin.pfx in the docker compose folder
  • Linux: `/etc/openuem-server/certificates/users/admin.pfx``
  • Windows: C:\Program Files\OpenUEM Server\certificates\users\admin.pfx`
warning

The certificate is protected with the password changeit by default unless you've set a different password when you installed OpenUEM.

You must import the certificate according to your browserโ€™s settings

2.1 Chrome/Chromium/Braveโ€‹

  1. Go to Settings -> Privacy and Security. Scroll and click on the Security section. Scroll to Manage Certificates and click on it.
  2. Go to Your certificates and click on Manage imported certificates from Windows.
  3. In the new window, click on the Personal tab tab and then click on Import and select the location for the admin.pfx certificate. Use the password to import it

2.2 Edgeโ€‹

  1. Go to Settings -> Privacy, search, and services. Scroll to Security and click on Manage certificates.
  2. Go to Your certificates and click on Manage imported certificates from Windows.
  3. In the new window, click on the Personal tab tab and then click on Import and select the location for the admin.pfx certificate. Use the password to import it

2.3 Firefoxโ€‹

  1. Go to Settings -> Privacy and Security. Find the Security section and in Certificates click on View Certificates.
  2. Import the certificate in the Your Certificate tab by selecting the location of the admin.pfx file. Use the password to import it

3. MacOSโ€‹

If you use Mac and find problems importing the admin.pfx certificate to your Chrome browser or Keychain, like invalid password, you may have to convert the PFX file opening a MacOS terminal and executing the following commands:

openssl pkcs12 -in admin.pfx -out admin.pem
openssl pkcs12 -export -in admin.pem -out new_admin.pfx -legacy

Then try to import the new admin pfx file