Installing the Root CA Certificate
Install the Siovos Root CA certificate on macOS, Windows, and Linux to access your services securely
After deploying your infrastructure with Step-CA enabled, you need to install the Root CA certificate on your computer to access services like Rancher, Harbor, and other HTTPS endpoints without security warnings.
Why is this needed?#
Your deployed infrastructure uses a private Certificate Authority (Step-CA) to issue SSL/TLS certificates for internal services. Since this CA is private and, unlike a public CA such as Let's Encrypt, not publicly trusted, your operating system doesn't recognize it by default.
Installing the Root CA certificate tells your system: "Trust certificates issued by this authority."
This is a one-time setup per computer. Once installed, all browsers and applications will trust your infrastructure's SSL certificates.
macOS Installation#
On macOS, Siovos Desktop will automatically generate a signed configuration profile (.mobileconfig) to install the certificate. Due to macOS security policies, you'll need to manually approve the installation in System Settings.
Step 1: Start the Installation#
- Open Siovos Desktop
- Go to the Infrastructure page
- Click "Install SSL Certificate"
The application will open a configuration profile automatically.
Step 2: Open System Settings#
After clicking the install button, macOS will display a notification. You need to go to System Settings to complete the installation.
- Open System Settings (click Apple menu → System Settings)
- Navigate to General → Device Management (or Profiles on older macOS versions)
Step 3: Install the Profile#
- You'll see "Siovos Root CA" in the list of profiles
- Click on it to view the details
- Click "Install..."
- Enter your Mac password when prompted
- Click "Install" again to confirm
Step 4: Verify Installation#
Once installed, the profile will show as "Verified" with a green checkmark. You can now access your services:
- https://rancher.internal
- https://harbor.internal
- Other configured services
Certificate not trusted? If you still see security warnings in your browser, try:
- Completely quit and restart your browser
- Clear your browser's SSL cache
- Verify the profile shows as "Installed" in System Settings
Why can't this be automatic?#
Apple's security model requires explicit user consent for trusting new Certificate Authorities. This protects you from malicious software silently installing root certificates. Even signed applications from verified developers (like Siovos Desktop) cannot bypass this security measure.
This is the same process used by enterprise IT departments and MDM solutions.
Windows Installation#
On Windows, the certificate installation process uses the Windows Certificate Manager.
Automatic Installation#
- Click "Install SSL Certificate" in Siovos Desktop
- A Windows UAC prompt will appear asking for administrator access
- Click "Yes" to allow the installation
- The certificate will be added to the Windows certificate store
Manual Installation (if needed)#
If automatic installation fails:
- Locate the certificate file on your Desktop: siovos-root-ca.crt
- Right-click the file and select "Install Certificate"
- Choose "Local Machine" and click Next
- Select "Place all certificates in the following store"
- Click Browse and select "Trusted Root Certification Authorities"
- Click Next, then Finish
Linux Installation#
On Linux, the certificate is installed system-wide using the OS certificate store.
Automatic Installation#
- Click "Install SSL Certificate" in Siovos Desktop
- You'll be prompted for your password (via pkexec or sudo)
- The certificate will be copied to /usr/local/share/ca-certificates/
- The certificate store will be updated automatically
Manual Installation (Debian/Ubuntu)#
sudo cp ~/Desktop/siovos-root-ca.crt /usr/local/share/ca-certificates/
sudo update-ca-certificates
Manual Installation (RHEL/Fedora)#
sudo cp ~/Desktop/siovos-root-ca.crt /etc/pki/ca-trust/source/anchors/
sudo update-ca-trust
Troubleshooting#
Browser still shows security warning#
- Restart your browser completely (all windows)
- Clear the browser's SSL state/cache
- Verify the certificate is installed in your system's trust store
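On Linux, the root CA file can be checked before it is copied into the trust store, and the resulting bundle checked afterwards. The script below is an added example, not part of Siovos Desktop or its documentation. The function names are hypothetical, the bundle path in the comment is the standard Debian/Ubuntu location, and the demo runs on a throwaway CA constructed on the spot.

```bash
# Added example, not Siovos code; function names are hypothetical.
# Requires the openssl CLI, 1.1.0 or later.

# SHA-256 fingerprint of certificate $1, to compare with the value read
# directly from the CA host over a separate channel.
ca_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Succeed only if $1 is a self-signed CA certificate that remains valid for
# at least $2 more days (default 30). Prints the reason on failure.
ca_preflight() {
    cert=$1; min_days=${2:-30}
    openssl x509 -in "$cert" -noout 2>/dev/null ||
        { echo "not a PEM X.509 certificate"; return 1; }
    openssl x509 -in "$cert" -noout -text | grep -q 'CA:TRUE' ||
        { echo "basicConstraints does not mark this as a CA"; return 1; }
    subj=$(openssl x509 -in "$cert" -noout -subject); subj=${subj#subject=}
    issr=$(openssl x509 -in "$cert" -noout -issuer); issr=${issr#issuer=}
    [ "$subj" = "$issr" ] || { echo "not self-signed"; return 1; }
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null ||
        { echo "expires within $min_days days"; return 1; }
}

# Succeed if trust bundle $1 (for example /etc/ssl/certs/ca-certificates.crt
# on Debian/Ubuntu) contains root $2, ignoring the default CA directory.
ca_in_bundle() {
    openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
}

# Constructed sample input: throwaway root CA $1/$2.crt valid for $3 days.
make_constructed_ca() {
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3' \
        'prompt=no' '[dn]' "CN=Constructed Root $2" '[v3]' \
        'basicConstraints=critical,CA:TRUE' > "$1/$2.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -config "$1/$2.cnf" \
        -days "$3" -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# Demo on constructed data; for real use pass ~/Desktop/siovos-root-ca.crt.
demo_dir=$(mktemp -d)
make_constructed_ca "$demo_dir" demo 3650
ca_preflight "$demo_dir/demo.crt" && echo "ok: $(ca_fingerprint "$demo_dir/demo.crt")"
rm -rf "$demo_dir"
```

Run ca_preflight and compare the ca_fingerprint output before the cp step, then run ca_in_bundle against the system bundle after update-ca-certificates.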
Profile won't install on macOS#
- Make sure you're using macOS 10.15 or later
- Try downloading the profile again from Siovos Desktop
- Check that your user account has administrator privileges
Certificate expired#
Root CA certificates are valid for 10 years. If your certificate has expired:
- Redeploy your infrastructure with Step-CA enabled
- Download and install the new certificate
- Remove the old profile from System Settings
Need help? Contact our support team