When your certificate is signed by FortiAuthenticator, import the certificate into users' browsers.
If you have an environment such as the Windows Group Policy Management Console, you can push the certificate to users' browsers using the Windows Group Policy Editor. In this case, you do not have to import the certificate into users' browsers.
The method you use for importing the certificate depends on the type of browser.
Internet Explorer, Chrome, and Safari use the operating system's certificate store for Internet browsing. If users will be using these browsers, you must install the certificate into the certificate store for the OS.
- Double-click the certificate file and select Open.
- Select Install Certificate to launch the Certificate Import Wizard.
- Use the wizard to install the certificate into the Trusted Root Certificate Authorities store.
If a security warning appears, select Yes to install the certificate.
- Double-click the certificate file to launch Keychain Access.
- Locate the certificate in the Certificates list and select it.
- Expand Trust and select Always Trust.
If necessary, enter the computer's administrative password.
Firefox has its own certificate store. To avoid errors in Firefox, the certificate must be installed in this store rather than in the OS.
On Firefox, you must install the certificate on each device. It cannot be pushed onto all user devices.
- In Firefox for Windows, go to Options > Privacy & Security.
In Firefox for macOS, go to Preferences > Privacy & Security.
- In the Certificates section, select View Certificates and select the Authorities list.
Import the certificate and set it to be trusted for website identification.