You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/install-cert-with-warp.mdx
+7-6Lines changed: 7 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -38,10 +38,11 @@ The certificate is required if you want to [apply HTTP policies to encrypted web
38
38
3. Turn on [**Install CA to system certificate store**](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#install-ca-to-system-certificate-store).
39
39
4.[Install](/cloudflare-one/connections/connect-devices/warp/download-warp/) the WARP client on the device.
40
40
5.[Enroll the device](/cloudflare-one/connections/connect-devices/warp/deployment/manual-deployment/) in your Zero Trust organization.
41
+
6. (Optional) If the device is running macOS Ventura `13.5` or newer, [manually trust the certificate](#manually-trust-the-certificate).
41
42
42
43
If a custom certificate is not provided, WARP will install the default [Cloudflare certificate](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/install-cloudflare-cert/#download-the-cloudflare-root-certificate) in the system keychain for all users. If you uploaded a custom certificate, the WARP client will deploy your custom certificate instead of the Cloudflare certificate.
43
44
44
-
WARP will only install the [certificate set to **In-Use**](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/#certificate-status). If you turn on a new certificate for inspection, WARP will automatically install that certificate to your users' devices.
45
+
WARP will only install the [certificate set to **In-Use**](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/#certificate-status). If you turn on a new certificate for inspection, WARP will automatically install the new certificate to your users' devices and remove the old certificate.
45
46
46
47
Next, [verify](#access-the-installed-certificate) that the certificate was successfully installed.
47
48
@@ -72,16 +73,16 @@ To access the installed certificate in macOS:
72
73
3. Open your certificate. The default Cloudflare certificate is named **Cloudflare for Teams ECC Certificate Authority**.
73
74
4. If the certificate is trusted by all users, Keychain Access will display **This certificate is marked as trusted for all users**.
74
75
75
-
:::note
76
-
Certain macOS versions (including macOS Ventura `13.5` and newer) do not allow WARP to automatically trust the certificate. To manually trust the certificate:
76
+
The WARP client will also place the certificate in `/Library/Application Support/Cloudflare/installed_cert.pem` for reference by scripts or tools.
77
+
78
+
#### Manually trust the certificate
79
+
80
+
macOS Ventura `13.5` and newer do not allow WARP to automatically trust the certificate. To manually trust the certificate:
77
81
78
82
1. Select **Trust**.
79
83
2. Set **When using this certificate** to _Always Trust_.
80
84
81
85
Alternatively, you can configure your mobile device management (MDM) to automatically trust the certificate on all of your organization's devices.
82
-
:::
83
-
84
-
The WARP client will also place the certificate in `/Library/Application Support/Cloudflare/installed_cert.pem` for reference by scripts or tools.
0 commit comments