Download the Root CA Certificate

Prerequisites

To perform the tasks in this section, you need the following Roving Edge device items:

• IP address
• hostname
• Username
• Password

Ensure The Host Has OpenSSL Installed

Most Linux and MacOS computers have OpenSSL installed. For Microsoft Windows, you might need to install OpenSSL.

To decide if OpenSSL is installed on Microsoft Windows, search for openssl. If OpenSSL isn't installed, follow the organization's best practices for installing OpenSSL.

The following links take you to popular OpenSSL sites from which OpenSSL can be obtained:

• https://wiki.openssl.org/index.php/Binaries
• https://github.com/curl/curl-for-win
• https://curl.se/windows/

Task 1 - Configure the hosts File

Adding the device IP address and hostname to the hosts file the computer to find the Device Console IP address regardless of the DNS configuration.

Use one of the following procedures based on the OS.

Linux

1. In a text editor, open the /etc/hosts file. The following example uses the vim editor:

   sudo vim /etc/hosts

2. Enter the administrator password.

3. Open a new line and enter the device IP address and hostname. Example:

   198.168.0.1    my-1234567  my-device-hostname

4. Save the /etc/hosts file.

MacOS

1. Open a terminal:

   Navigate to Finder > Utilities, then select Terminal.

2. Open the /etc/hosts file in a text editor. The following example uses the nano editor:

   sudo nano /etc/hosts

3. Enter the administrator password.

4. Create a new line and enter the device IP address and hostname. Example:

   198.168.0.1    my-1234567  my-device-hostname

5. Save the /etc/hosts file.

Microsoft Windows

1. Open Notepad as the administrator.

2. In Notepad, open the following file:

   C:\Windows\System32\drivers\etc\hosts

3. Open a new line and enter the device IP address and hostname. Example:

   198.168.0.1    my-1234567  my-device-hostname

4. Save the hosts file.

Task 2 - Download the Root Certificate File from the Device

Use one of the following procedures based on the computer OS.

If the computer runs Microsoft Windows, also select the procedure based on the browser type.

Linux and MacOS

1. In a terminal window, use the following command to download the certificate from the Roving Edge device:

   echo -n | openssl s_client -showcerts -connect <device_ip_address>:8015 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > $HOME/redroot.pem

   The root certificate redroot.pem is downloaded to the home directory.

Microsoft Windows with Firefox

The following steps are for Firefox version 115.

Note

Browsers evolve over time. If some browser steps don't match what you see in the browser, consult the browser documentation.

1. In the browser address field, enter the device address and port number:

   https://<device_hostname>:8015

   If a security risk warning is displayed, accept the risk, and ignore the warning: Roving Edge Device is currently unavailable.

2. Click the padlock symbol that's to the upper left of the browser address bar.

3. In the Site Information dialog box, select Connection Secure, then select More information.

   The Firefox Security menu is displayed.

4. Select View Certificate.

   The Device Console now displays certificate information.

5. Select the tab called <hostname>-root-CA .

6. Scroll down to the Miscellaneous section.

7. Select the PEM (Cert) link, and save the file somewhere convenient such as the Downloads folder.

Microsoft Windows with Edge

The following steps are for Microsoft Edge version 128.0.2739.67.

Note

Browsers evolve over time. If some browser steps don't match what you see in the browser, consult the browser documentation.

1. In the browser address field, enter the device address and port number:

   https://<device_hostname>:8015

2. Select the secure icon next to the URL.

3. Select Certificate or Manage Certificate.

4. Select Details.

5. Select Export.

6. Browse to a convenient download location such as Downloads.

7. Select Save.

   The root certificate file is saved with a .crt extension.

Microsoft Windows with Chrome

The following steps are for Google Chrome version 135.0.7049.42.

Note

Browsers evolve over time. If some browser steps don't match what you see in the browser, consult the browser documentation.

1. In the browser address field, enter the device address and port number:

   https://<device_hostname>:8015

   The sign-in page reports that the device is unavailable because the connection is insecure until the certificate is imported.

2. Select the Not secure icon next to the URL field.

3. Select Certificate details.

4. Select the Details tab.

5. Under Certificate Hierarchy, select the top certificate.

6. Select Export.

7. Browse to a convenient download location such as Downloads.

8. Select Save.

9. Close the Certificate Viewer.

Task 3 - Import the Root Certificate into The Browser

Import the downloaded root certificate into the browser using one of the following tasks based on the browser type.

Firefox

Note

Browsers evolve over time. If some browser steps don't match what you see in the browser, consult the browser documentation.

1. In Firefox, use the navigation menu to open Settings.

2. In the Find in Settings field, enter certificates.

3. Select View Certificates.

   The Certificate manager is displayed.

4. With the Authorities tab selected, select Import.

   Browse to the location of the downloaded certificate file, select it, then select Open.

5. In the Certificate Manager, select Trust this CA to identify websites, then select OK.

6. In the Certificate Manager, select OK.

7. Refresh the browser tab that's connected to the device.

   You're prompted to enter the username and password.

Edge

Note

Browsers evolve over time. If some browser steps don't match what you see in the browser, consult the browser documentation.

1. In Edge, use the navigation menu to open Settings.

2. In the Find in Settings field, enter certificates.

3. Select Manage certificates.

   The Certificate manager is displayed.

   1. In the Certificates dialog box, select Import.

   2. In the Import Wizard, select Next.
   3. Select Browse, and navigate to the location of the downloaded certificate file.

   4. In the file type menu, select All Files.

   5. Select the downloaded certificate file, and select Open.

   6. Select Next.

   7. Select Automatically select the certificate store based on the type of certificate.

   8. Select Next.

   9. Select Finish.

   10. Select OK.

   11. In the Certificate manager, select Close.

       Now you can sign in to the Device Console.

4. Refresh the browser tab that's connected to the device.

   You're prompted to enter the username and password.

Chrome

Note

Browsers evolve over time. If some browser steps don't match what you see in the browser, consult the browser documentation.

1. In Chrome, use the navigation menu to open Settings.

2. Select Privacy and security.

3. Select Security.

4. Select Manage certificates.

5. Select Manage imported certificates.

   The Certificate Manager is displayed.

6. Select the Trusted Root Certificates tab.

7. Select Import.

   The Certificate Wizard is displayed.

8. Select Next.

9. Select Browse, and browse to the location of the downloaded certificate file, select it, then select Open, then select Next.

10. Select Place all certificates in the following store, then select Next.

11. Select Finish.

12. Select OK to acknowledge the import was successful.

13. Close the Certificate Wizard.

14. Refresh the browser tab that's connected to the device.

    You're prompted to enter the username and password.

The Roving Edge device is installed and ready for use.