Adding Server Certificate to Client Workstations

Client workstations need to trust the ClearOS server as a Certificate Authority in order to properly recognize certificates signed by the server. This process is useful so that all secure transactions between the workstation and the server can proceed without the typical warnings that would commonly be given. Some services that use certificates include:

  • Web Server
  • Webconfig
  • FTPS
  • Wireless/HostAPD

Getting the CA Certificate

It is recommended that in an office environment that the installation of the ClearOS CA certificate be performed on all workstations that will connect to the server. Distribution of the certificate can be accomplished by using a USB key or in some cases, can be distributed by the login script (Windows Networking Method).

First, you must have already completed the Install wizard in the ClearOS Webconfig. The section that is vital is the 'Organization Information'. ClearOS uses this information to craft the Certificate Authority (CA).

The CA certificate is located at /etc/ssl/ca-cert.pem. You can download in Webconfig from <navigation>System>Security>Certificate Manager</navigation>. Click the View button next to Certificate Authority. Click Download.

Windows Client Configuration

Mac OSX Configuration

Open up Keychain Access in Mac OSX (<navigation>Applications>Utilities>Keychain Access</navigation>). Click on File, Import Items…*

Insert your credentials.


Now that the workstation trusts the CA on the ClearOS server, certificates issued by that server will also be trusted. To test this, navigate to the ClearOS WebConfig page using the hostname (you will get a certificate name mismatch if you use the IP address).


content/en_us/kb_howtos_adding_server_certificate_to_client_workstations.txt · Last modified: 2015/02/11 16:44 (external edit)