Skip to content

Instantly share code, notes, and snippets.

@AlekEagle

AlekEagle/install-root-ca.md

Last active October 21, 2023 19:37
Show Gist options
  • Save AlekEagle/af90e75b77533b020a66cb0b3c910d77 to your computer and use it in GitHub Desktop.
Save AlekEagle/af90e75b77533b020a66cb0b3c910d77 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
install-root-ca.md

Getting Started

What is a Root Certificate Authority?

A vast majority of the traffic on the internet is served in a secure way using certificates to both encrypt what we send over the internet, as well as verify the identity of a website. Nearly every website you visit on the internet has its own certificate that tells you that the website you are visiting is the real deal, and is not being impersonated. But just having a certificate for a website only goes so far, because anyone can create a certificate saying "I am this website!" Which is why we have Root Certificate Authorities, a special set of certificates that are used to sign certificates saying "This certificate that claims to be this website can be trusted in its claims." It's like a permission slip from a parent, the child can say you gave permission to go on the field trip, but without a signature from a trusted authority (the parents) it shouldn't be inherently trusted.

Why does this matter?

The server running the email services for A Call for Help uses its own certificate saying "I am mail.alekeagle.com" which is to be expected. The issue comes up from the fact that this certificate is issued from our own in-house Root Certificate Authority, which is not trusted by your device.

How do I fix this?

It's as easy as installing the Root Certificate Authority's public certificate and telling your device to trust it. It's like the permission slip being signed by your next door neighbor, by default your teacher won't trust the signature from them, unless your teacher is explicitly told that it's okay to trust the signature of your next door neighbor. In this analogy, your teacher is your device/web browser, the child is the website you are visiting, the parent is the Root Certificate Authorities that are trusted by default by your teacher (device/web browser), and your next door neighbor is a Root Certificate Authority that is not trusted by default. These instructions will detail how you can tell your device/web browser to trust our Root Certificate Authority.

Installing the Root Certificate Authority

You can download the Root Certificate Authority from here. It will be saved as JSO9ZYOEAs.crt (beautiful name right?). But don't download it quite yet, because you might have to download it at a specific time. We'll let you know when you need to download the certificate.

Android

Note: Android can be a bit of a nuisance when it comes to trusting certificates you install by yourself. Some web browsers (Firefox for example) can choose to not trust Root Certificate Authorities that you install. Google Chrome will trust those certificates though, so it's recommended that you use Google Chrome whenever visiting the webmail site.

  1. Download the Root Certificate Authority using the link above and save it.
  2. Navigate to the security options. (It might be called "Security and privacy" or something similar)
  3. Find and tap the button that says "Other security options".
  4. Find and tap the button that says "Install from device storage".
  5. Select "CA certificate" from the list of 3 options.
  6. Don't panic when the scary warning says that your privacy is at risk, there are circumstances that it can be true, but it is generally overdramatic, go ahead and select "Install anyway" and verify your identity with your fingerprint, password, pattern, etc.
  7. When it asks you to select an item, go to the Downloads folder, select the certificate, and then tap "Done".

After that you should be done! You can check to see if it worked by going to mail.alekeagle.com, if it does not give you any errors, then you did it correctly!

iPhone/iPad

  1. Open Safari and download the Root Certificate Authority using the link above.
  2. A message will display saying "This website is trying to download a configuration profile. Do you want to allow this?" or something similar. Tap "Allow".
  3. Open Settings and there should be a section at the top that says something like "Profile Downloaded", if it's there, go ahead and tap on it, if not, go to General > Profiles.
  4. Select the profile named "AlekEagle" and tap "Install". Enter your password, and then tap "Install" again.
  5. Go back to the General section in Settings, and go to About.
  6. Scroll down to the bottom and select "Certificate Trust Settings".
  7. Under the "Enable full trust for Root Certificates" section, turn the switch on for the certificate named "AlekEagle".

After that you should be done! You can check to see if it worked by going to mail.alekeagle.com, if it does not give you any errors, then you did it correctly!

MacOS

  1. Download the Root Certificate Authority using the link above.
  2. Find and open the application called "Keychain Access".
  3. In the left panel, select "login" under "Default Keychains".
  4. Open a Finder window, navigate to your Downloads folder, and drag and drop the certificate into the "Keychain Access" application.
  5. Locate the certificate named "AlekEagle", and double click on it.
  6. In the window that appears, open the dropdown menu titled "Trust".
  7. For the option called "When using this certificate" change the selection from "Use System Defaults" to "Always Trust" and close the window.
  8. Verify your identity when asked.

After that you should be done! You can check to see if it worked by going to mail.alekeagle.com, if it does not give you any errors, then you did it correctly!

Windows

  1. Download the Root Certificate Authority using the link above.
  2. Open the file once it is finished downloading.
  3. Click on "Install Certificate...".
  4. Select "Local Machine" for when asked for the "Store Location".
  5. Allow the program to make changes to your computer when asked.
  6. Select "Place all certificates in the following store".
  7. Click "Browse...", select "Trusted Root Certification Authorities", and click "OK".
  8. Click "Next" and finally "Finish".

After that you should be done! You can check to see if it worked by going to mail.alekeagle.com, if it does not give you any errors, then you did it correctly!

Firefox

  1. Download the Root Certificate Authority using the link above.
  2. Open Firefox settings.
  3. Navigate to the "Privacy & Security" section.
  4. Scroll down and find the "Security" subsection.
  5. Find the "Certificates" option and click the "View Certificates..." button.
  6. Select the "Authorities" tab if it isn't already selected.
  7. Click "Import..."
  8. Locate the certificate you downloaded in Step 1.
  9. When asked, select the options "Trust this CA to identify websites." and "Trust this CA to identify email users." and click OK.

After that you should be done! You can check to see if it worked by going to mail.alekeagle.com, if it does not give you any errors, then you did it correctly!

My operating system/browser isn't listed here!

I'll get to adding it soon, promise!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment