Once your certificate is signed by FortiAuthenticator, you need to import the certificate into users' browsers.
If you have the right environment, such as the Windows Group Policy Management Console, you can push the certificate to users' browsers using the Windows Group Policy Editor. In this case, you do not have to import the certificate into users' browsers.
The method you use for importing the certificate varies depending on the type of browser.
Internet Explorer, Chrome, and Safari use the operating system's certificate store for Internet browsing. If users will be using these browsers, you must install the certificate into the certificate store for the OS.
- If you are using Windows 7/8/10, double-click the certificate file and select Open. Select Install Certificate to launch the Certificate Import Wizard.
- Use the wizard to install the certificate into the Trusted Root Certificate Authorities store. If a security warning appears, select Yes to install the certificate.
- If you are using macOS, double-click the certificate file to launch Keychain Access.
- Locate the certificate in the Certificates list and select it. Expand Trust and select Always Trust. If necessary, enter the administrative password for your computer to make this change.
Firefox has its own certificate store. To avoid errors in Firefox, the certificate must be installed in this store, rather than in the OS.
If users are using Firefox, instead of being pushed to all of their devices, the certificate must be installed on each device.
- In Firefox, go to Options > Privacy & Security (Windows) or Preferences > Privacy & Security (macOS).
Scroll down to the Certificates section. Select View Certificates, select the Authorities list. Import the certificate and set it to be trusted for website identification.