For information on why an SSL Certificate is required for SSL Inspection, seeĀ SSL Inspection
Deploying SSL Certificates to Multiple Apple OS X Devices
You may choose to install a certificate manually, as per this article:
- For testing purposes on an individual client
- If your network has a small number of devices that need SSL Filtering
- If your network does not have any method of deploying a certificate
If your network has a number of Apple OS X devices, you may prefer to deploy the certificates via Profile Manager.
When installing certificates manually onto devices which run Apple OS X, some additional steps are required to maintain maximum security. This involves installing the certificate into the correct keychain. There are three options to choose from.
| Keychain | Use Case |
|---|
| login | The logged on user - Where the device will be used by only one staff member/student, or where only one user may have consented to having their secure traffic inspected. |
| Local Items | This is the Keychain for Cached iCloud Passwords. |
| System | Where the device will be used by multiple users |
This guide assumes you have chosen the System keychain, but the steps should be very similar for the login keychain.
Installing an SSL Certificate (as a Trusted Root Certification Authority)
Download the certificate file from the N4L SSL Inspection Certificate page.
- Click on the certificate file in your browser, or Double-click the certificate file in Finder.
- The Add Certificate window will appear. Click Install Certificate...
Figure 1: The Add Certificates window - choose the Keychain in which to store the certificate
-
Choose a Keychain (see Considerations) and click Add.
Figure 2: The System Keychain selected
-
You will be asked to verify your Password to modify the Keychain. Enter your password and click Modify Keychain.
Figure 3: The Keychain Access verification window
The Certificate is added to the Keychain.
Ensure you can see the certificate in the list.
-
In Keychains, click System then, in Category click Certificates
The System - Certificates are listed.
Figure 4: The Keychain Access - System - Certicates list
Trusting the Certificate
-
Double Click on the Certificate to trust.
Figure 5: The Keychain Access - System - Certicates list
The Certificate Detail window will be displayed.
-
Click on >Trust
Figure 6: The Certificate Detail window
The Trust section expands.
-
Click on the When using this certificate: drop down list, and choose Always Trust
Figures 7 & 8: The Trust section and Drop-Down
All of the Drop-Downs will change to Always Trust.
-
Click on the Exit button (Red, top left corner of window).
Figure 9: Everything marked as trusted
You will be asked for your password to verify the change.
-
Enter your password and Click the Update Settings button.
Figure 10: Confirm with your password
In the Certificate list, the Certificate should now show that it is trusted.
Figure 11: The Certificate List
-
Close Keychain Access.
When To Perform These Steps
Installing an SSL certificate is usually required after configuring SSL Filtering for the first time, or when the certificate has expired or been re-issued.
If you are installing certificates manually on all of your Apple OS X devices, these steps will need to be performed on each new device that is to be subject to SSL Filtering.
