CA Certificate Installation Guide

Quick Index

Linux
Windows
MacOS
FreeBSD
Android
iOS
Firefox (on Windows/Linux/MacOS)
Python

For Linux (Tested on Ubuntu)

Download the CA Certificate from https://cacert.bose.dev/.
Copy the Certificate to the System Certificate Directory:
- Open a terminal.
- Copy the certificate file to the /usr/local/share/ca-certificates/ directory. This directory is used for system-wide certificates.
- Command: sudo cp /path/to/your/SB_CA.pem.crt /usr/local/share/ca-certificates/
Update the CA Certificate Store:
- Run the following command to update the system's certificate store:
- Command: sudo update-ca-certificates
- This command will add the new certificate to the system's trusted CA list.

For Windows

Quick Method:

Download the CA Certificate from https://cacert.bose.dev/ and locate the file in File Explorer.
Double-Click the Certificate File:
- Navigate to the folder where the certificate file is saved.
- Double-click the certificate file. This will open the Certificate Viewer.
Open the Certificate Installation Wizard:
- In the Certificate Viewer, click the Install Certificate button at the bottom of the window.
- The Certificate Import Wizard will open. In Store location to install, selet
- Click Next.
- In the Certificate Viewer, click the Install Certificate button at the bottom of the window.
Choose the Certificate Store:
- Select Place all certificates in the following store.
- Click Browse and choose Trusted Root Certification Authorities.
- Click OK, then click Next.
Complete the Wizard:
- Review the settings and click Finish.
- A confirmation dialog will appear if the import is successful. Click OK.

Through Windows Certificate Store (alternative):

Download the CA Certificate from https://cacert.bose.dev/.
Open the Certificate Manager:
- Press Windows + R to open the Run dialog.
- (Preferred) To install the certificate for all users on the system, type certlm.msc and press Enter (requires administrator privileges).
- (Alternative) To install for current users only, Type certmgr.msc instead and press Enter. This opens the Certificate Manager for the current user.
Import the Certificate:
- In the Certificate Manager:
  1. Expand the Trusted Root Certification Authorities folder in the left-hand pane.
  2. Right-click on the Certificates folder under it.
  3. Select All Tasks > Import.
Use the Certificate Import Wizard:
- The Certificate Import Wizard will open. Click Next.
- Click Browse to locate your CA certificate file.
- If the file is not visible, change the file type filter to All Files (*.*).
- Select the certificate file and click Open, then click Next.
Choose the Certificate Store:
- Ensure the option Place all certificates in the following store is selected.
- The store should already be set to Trusted Root Certification Authorities. If not, click Browse and select it.
- Click Next.
Complete the Wizard:
- Review the settings and click Finish.
- A confirmation dialog will appear if the import is successful. Click OK.

For MacOS

Download the CA Certificate from https://cacert.bose.dev/.
Double-Click the Certificate File:
- Locate the certificate file in Finder.
- Double-click the certificate file. This will open the Keychain Access application.
Choose the Keychain:
- In the Keychain Access window, you'll be prompted to select a keychain to add the certificate to:
  - System (preferred): Installs the certificate for all users on the system (requires administrator privileges).
  - Login (alternative if no admin privileges): Installs the certificate for the current user only.
- Select the appropriate keychain and click Add.
Trust the Certificate:
- After adding the certificate, locate it in the keychain you selected (e.g., Login or System).
- Double-click the certificate to open its details.
- Expand the Trust section.
- For When using this certificate, select Always Trust.
- Close the certificate details window. You may be prompted to enter your password to confirm the changes.

For FreeBSD

Download the CA Certificate from https://cacert.bose.dev/.
Copy the Certificate to the System Certificate Directory:
- Open a terminal on your FreeBSD system.
- Copy the certificate file to the /usr/local/share/certs/ directory. This directory is commonly used for system-wide certificates.
- Command: sudo cp /path/to/your/SB_CA.pem.crt /usr/local/share/certs/
Update the CA Certificate Store:
- FreeBSD uses the ca_root_nss package to manage trusted root certificates. If it's not already installed, install it:
- Command: sudo pkg install ca_root_nss
- Update the system's certificate store by running:
- Command: sudo certctl rehash
- This command will add and enable certificate in the system's trusted CA list.

For Android

Download the CA Certificate from https://cacert.bose.dev/.
Open the Certificate File:
- On your Android device, locate the certificate file using a file manager app (e.g., Files by Google).
- Tap on the certificate file to open it.
Install the Certificate:
- You will be prompted to name the certificate. Enter a name (e.g., "SB CA Certificate").
- Select VPN and apps as the certificate usage type.
- Tap OK or Install.
- If prompted, confirm your device's lock screen credentials (PIN, pattern, or password).

Optional: Install the Certificate for Firefox

Some apps, like Firefox, use their own certificate store. To install the certificate follow these steps:

Go to Settings > About Firefox.
Tap the Firefox logo 5 times to enable debugging options.
Go back to Settings and open Advanced > Certificates.
Tap Import and select your CA certificate file.

For iOS

Download the CA Certificate from https://cacert.bose.dev/.
Open the Certificate File:
- Open the Files app and locate the certificate.
- Tap the certificate file to open it.
Install the Certificate:
- You will see a prompt asking if you want to install the profile. Tap Allow.
- Go to Settings > General > VPN & Device Management (or Profiles & Device Management on older iOS versions).
- Under the Downloaded Profile section, tap the certificate profile.
- Tap Install in the top-right corner.
- If prompted, enter your device passcode.
- Tap Install again to confirm.
Trust the Certificate:
- After installing the certificate, go to Settings > General > About > Certificate Trust Settings.
- Find your installed CA certificate under Enable Full Trust for Root Certificates.
- Toggle the switch next to the certificate to enable full trust.

For Firefox (on Windows/Linux/MacOS/FreeBSD)

Firefox uses its own CA certificate bundle, which is independent of OS's CA bundle/store. So, in addition to CA certificate installation to your OS, you also need to install it in Firefox.
To install a CA certificate in Firefox, follow these steps:

Download the CA Certificate from https://cacert.bose.dev/.
Open Firefox Settings:
- Launch Firefox.
- Click on the menu button (three horizontal lines) in the top-right corner.
- Select Settings (or Preferences on macOS).
Navigate to Privacy & Security:
- In the left-hand menu, click on Privacy & Security.
Scroll to Certificates:
- Scroll down to the Certificates section.
View Certificates:
- Click on the View Certificates button.
Import the CA Certificate:
- In the Certificate Manager, go to the Authorities tab.
- Click on the Import button.
- Browse to the location of your CA certificate file, select it, and click Open.
Trust the Certificate:
- A dialog box will appear asking you to confirm the trust settings for the certificate.
- Check the boxes for the purposes you want to trust the certificate for (e.g., Trust this CA to identify websites).
- Click OK.

For Python programming

By default Python uses its own CA certificate bundle. So OS's system-wide installation will not be enough.
You have three options:

Option 1 (recommended): Make Python use the system-wide CA certificate bundle file by setting SSL_CERT_FILE environment variable (not applicable for Windows as Windows does not have CA bundle file):

First make sure you have already done system-wide install of the download CA certificate from https://cacert.bose.dev/, following your OS specific steps as outlined above in this document.
Locate the path of your system CA bundle file.
This depends on your OS, e.g., for Linux: /etc/ssl/certs/ca-certificates.crt, for macOS: /etc/ssl/cert.pem, for FreeBSD: /etc/ssl/cert.pem.
Add this to your /etc/profile or .bash_profile or .bashrc file (or equivalent file for your OS/shell):
export SSL_CERT_FILE=/path/to/your/system-ca-cert-bundle-file. Use the path of the file you located in the previous step.

Option 2: Update the CA bundle file of Python to add your CA.

Download the CA Certificate file SB_CA.pem.crt from https://cacert.bose.dev/.
Run terminal command:
pip install certifi
Run this in Python to get the location of Python's CA bundle file:
```
import certifi
certifi.where()
```
This will output location of Python's CA bundle file, e.g., /usr/local/lib/python3.8/site-packages/certifi/cacert.pem.
Append the content of SB_CA.pem.crt to the Python's CA bundle file with this command.
cat /path/to/SB_CA.pem.crt >> /path/to/python/cacert.pem
Be sure to check the file paths are correct, you have required file permission to read/write, and take backup of the original file before running this command.

Option 3: Add the CA certificate during the runtime of your code:

Download the CA Certificate file SB_CA.pem.crt from https://cacert.bose.dev/.

Use this in your Python code:

import ssl
import urllib.request

# Create an SSL context with your downloaded CA certificate
ssl_context = ssl.create_default_context(cafile='/path/to/SB_CA.pem.crt')

# Use the context in your HTTPS requests
response = urllib.request.urlopen('https://verify.cacert.bose.dev', context=ssl_context)
print(response.read())