Installing the CA Certifiacte

Importing GF4's CA certificate is required to use matrix and recommended for https, imap, etc.

What is this?

TLS also known as SSL is a technology used to cryptographically sign and encrypt stuff. GF4 signs data on domains that end in .gf4. For your applications to recognize these signatures, you must install GF4's root certificate. Otherwise, you will get privacy errors in your browser.

Follow these instructions to install the certificate on your computer or phone:

Fedora/Arch Linux (or p11-kit)

sudo mkdir -p /usr/local/share/ca-certificates
curl -sL www.gf4.pw/ca.crt | sudo tee /usr/local/share/ca-certificates/gf4.crt
sudo trust anchor /usr/local/share/ca-certificates/gf4.crt

source: Arch wiki: User:Grawity/Adding a trusted CA certificate

Debian/Ubuntu

sudo apt-get install -y ca-certificates curl
curl -sL www.gf4.pw/ca.crt | sudo tee /usr/local/share/ca-certificates/gf4.crt
sudo update-ca-certificates

source: Ubuntu server docs: Security trust store

Android

  1. Download the certificate from /ca.crt onto your android's internal storage
  2. Go to Settings > Security > More security settings > Encryption & credentials > Install a certificate > CA certificate. If you can't find it there, just search the settings for "CA certificate".
  3. Tap through any warnings ("Install anyway") and select the ca.crt file from the file browser.

Mac

Download the certificate from /ca.crt to your home directory and run this command in a terminal:

sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ~/ca.crt

source: KerioConnect Help: Adding trusted root certificates to the server

iPhone

  1. Open www.gf4,pw/ca.crt in Safari.
  2. Safari will say "This website is trying to download a configuration profile. Do you want to allow this?". Tap Allow.
  3. Safari will then say "Review the profile in Settings app if you want to install it.". Tap Close.
  4. Settings -> General -> VPN & Device Management -> gf4 -> Install. If you get a warning that complains about this being an Unmanaged Root Certificate and Unverified Profile, tap Install again. You will notice that Not Verified in red will turn into Verified in green.
  5. Settings -> General -> About -> Certificate Trust Settings -> Enable Full Trust For Root Certificates -> gf4.

Windows

Download the certificate from /ca.crt run this command in a terminal in the same folder as the ca.crt file:

certutil -addstore -f "ROOT" ca.crt

source: KerioConnect Help: Adding trusted root certificates to the server

< Back