From 662f5317941bbf14bd99e48657094ff5ad1715b3 Mon Sep 17 00:00:00 2001 From: Max Phillips Date: Tue, 5 Nov 2024 16:31:15 -0600 Subject: [PATCH 01/15] Add Intune procedure --- .../manual-deployment.mdx | 42 +++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx index a41cf582e6dcc25..d6e74229dfc49c0 100644 --- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx @@ -303,6 +303,48 @@ To install a Cloudflare certificate to Firefox manually: For information on installing a Cloudflare certificate for organizations, refer to this [Mozilla support article](https://support.mozilla.org/en-US/kb/setting-certificate-authorities-firefox). +### Mobile device management (MDM) software + +These steps require you to [download a Cloudflare certificate](#download-the-cloudflare-root-certificate) in `.pem` format. + +#### Microsoft Intune + +To deploy a certificate to Microsoft Intune devices, you must convert your certificate and create a trusted certificate profile. + +
+ +1. Install [OpenSSL](https://www.openssl.org/). +2. In a terminal, convert the certificate to DER format with the `.cer` file type: + + ```sh + openssl x509 -inform PEM -in ~/Downloads/certificate.pem -outform DER -out ~/Downloads/certificate.cer + ``` + +3. In Microsoft Intune, [create a trusted certificate profile](https://learn.microsoft.com/mem/intune/protect/certificates-trusted-root#create-trusted-certificate-profiles) with your converted certificate. + +
+ +
+ +1. Install [OpenSSL for Windows](https://slproweb.com/products/Win32OpenSSL.html). +2. In a PowerShell terminal, convert the certificate to DER format with the `.cer` file type: + + ```powershell + openssl x509 -inform PEM -in "$HOME\Downloads\certificate.pem" -outform DER -out "$HOME\Downloads\certificate.cer" + ``` + +3. In Microsoft Intune, [create a trusted certificate profile](https://learn.microsoft.com/mem/intune/protect/certificates-trusted-root#create-trusted-certificate-profiles) with your converted certificate. + +
+ +#### Jamf + +#### Kandji + +#### Hexnode + +#### Jumpcloud + ### Python #### Python on Windows From 83aac3c7216e2957408ecfb50dca3235d4a47a6b Mon Sep 17 00:00:00 2001 From: Max Phillips Date: Tue, 5 Nov 2024 16:33:30 -0600 Subject: [PATCH 02/15] Add Jamf procedure --- .../warp/user-side-certificates/manual-deployment.mdx | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx index d6e74229dfc49c0..ec96b6d733eb044 100644 --- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx @@ -305,11 +305,9 @@ For information on installing a Cloudflare certificate for organizations, refer ### Mobile device management (MDM) software -These steps require you to [download a Cloudflare certificate](#download-the-cloudflare-root-certificate) in `.pem` format. - #### Microsoft Intune -To deploy a certificate to Microsoft Intune devices, you must convert your certificate and create a trusted certificate profile. +To deploy a certificate to Microsoft Intune devices, you must convert your certificate and create a trusted certificate profile. These steps require you to [download a Cloudflare certificate](#download-the-cloudflare-root-certificate) in `.pem` format.
@@ -337,7 +335,12 @@ To deploy a certificate to Microsoft Intune devices, you must convert your certi
-#### Jamf +#### Jamf Pro + +To upload and deploy a Cloudflare certificate in Jamf Pro: + +1. [Download a Cloudflare certificate](#download-the-cloudflare-root-certificate) in `.pem` format. +2. In Jamf Pro, [upload the certificate](https://learn.jamf.com/bundle/jamf-pro-documentation-current/page/SSL_Certificate.html). #### Kandji From a58eb3928e5cdec6ed2ed3bcce13e213a25aa9a7 Mon Sep 17 00:00:00 2001 From: Max Phillips Date: Tue, 5 Nov 2024 16:40:23 -0600 Subject: [PATCH 03/15] Add Kandji procedure --- .../warp/user-side-certificates/manual-deployment.mdx | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx index ec96b6d733eb044..8067d92fe5e24e8 100644 --- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx @@ -344,6 +344,11 @@ To upload and deploy a Cloudflare certificate in Jamf Pro: #### Kandji +To upload and deploy a Cloudflare certificate in Kandji: + +1. [Download a Cloudflare certificate](#download-the-cloudflare-root-certificate) in `.crt` format. +2. In Kandji, [upload the certificate](https://support.kandji.io/support/solutions/articles/72000558739-certificate-profile) as a PKCS #1-formatted certificate. + #### Hexnode #### Jumpcloud From 4b9624de58a02c2f5b060b7af157ecd5dc367823 Mon Sep 17 00:00:00 2001 From: Max Phillips Date: Tue, 5 Nov 2024 16:47:35 -0600 Subject: [PATCH 04/15] Add Hexnode --- .../warp/user-side-certificates/manual-deployment.mdx | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx index 8067d92fe5e24e8..7ef935ae8d483af 100644 --- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx @@ -305,6 +305,8 @@ For information on installing a Cloudflare certificate for organizations, refer ### Mobile device management (MDM) software +Zero Trust integrates with several [mobile device management (MDM) software partners](/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/partners/) to deploy WARP across devices. + #### Microsoft Intune To deploy a certificate to Microsoft Intune devices, you must convert your certificate and create a trusted certificate profile. These steps require you to [download a Cloudflare certificate](#download-the-cloudflare-root-certificate) in `.pem` format. @@ -351,7 +353,12 @@ To upload and deploy a Cloudflare certificate in Kandji: #### Hexnode -#### Jumpcloud +To upload and deploy a Cloudflare certificate in Kandji: + +1. [Download a Cloudflare certificate](#download-the-cloudflare-root-certificate) in `.pem` format. +2. In Hexnode, follow the directions for adding the certificate to [macOS](https://www.hexnode.com/mobile-device-management/help/how-to-add-certificates-for-mac-devices-with-hexnode-mdm/), [iOS](https://www.hexnode.com/mobile-device-management/help/add-certificates-for-ios-devices-with-hexnode-mdm/), and/or [Android](https://www.hexnode.com/mobile-device-management/help/how-to-add-certificates-for-android-devices-using-hexnode-mdm/) devices. + +#### JumpCloud ### Python From 7006028db1791c7c86f07f271838a55f9fdc6f68 Mon Sep 17 00:00:00 2001 From: Max Phillips Date: Tue, 5 Nov 2024 16:51:48 -0600 Subject: [PATCH 05/15] Add JumpCloud --- .../warp/user-side-certificates/manual-deployment.mdx | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx index 7ef935ae8d483af..a201b615549248d 100644 --- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx @@ -360,6 +360,12 @@ To upload and deploy a Cloudflare certificate in Kandji: #### JumpCloud +To upload and deploy a Cloudflare certificate in JumpCloud: + +1. [Download a Cloudflare certificate](#download-the-cloudflare-root-certificate) in `.pem` format. +2. In JumpCloud, [upload the certificate](https://jumpcloud.com/support/manage-device-trust-certificates#distributing-global-device-certificates-). +3. [Configure a conditional access policy](https://jumpcloud.com/support/configure-a-conditional-access-policy) to deploy the certificate across devices. + ### Python #### Python on Windows From 77be436516ebf5072a4abb64a9dab805a98aa261 Mon Sep 17 00:00:00 2001 From: Max Phillips Date: Fri, 8 Nov 2024 16:40:06 -0600 Subject: [PATCH 06/15] Add context --- .../warp/user-side-certificates/manual-deployment.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx index a201b615549248d..cf3f13f3d22c0b4 100644 --- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx @@ -342,7 +342,7 @@ To deploy a certificate to Microsoft Intune devices, you must convert your certi To upload and deploy a Cloudflare certificate in Jamf Pro: 1. [Download a Cloudflare certificate](#download-the-cloudflare-root-certificate) in `.pem` format. -2. In Jamf Pro, [upload the certificate](https://learn.jamf.com/bundle/jamf-pro-documentation-current/page/SSL_Certificate.html). +2. In Jamf Pro, [upload the certificate](https://learn.jamf.com/bundle/jamf-pro-documentation-current/page/SSL_Certificate.html) and deploy it across your devices. #### Kandji From 8bf29b5d31ae6e43183c66b2191c022ffa946cb0 Mon Sep 17 00:00:00 2001 From: Max Phillips Date: Mon, 11 Nov 2024 16:03:19 -0600 Subject: [PATCH 07/15] Update MS link --- .../warp/user-side-certificates/manual-deployment.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx index cf3f13f3d22c0b4..88bf5e8cae9525c 100644 --- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx @@ -320,7 +320,7 @@ To deploy a certificate to Microsoft Intune devices, you must convert your certi openssl x509 -inform PEM -in ~/Downloads/certificate.pem -outform DER -out ~/Downloads/certificate.cer ``` -3. In Microsoft Intune, [create a trusted certificate profile](https://learn.microsoft.com/mem/intune/protect/certificates-trusted-root#create-trusted-certificate-profiles) with your converted certificate. +3. In Microsoft Intune, [create a trusted certificate profile](https://learn.microsoft.com/mem/intune/protect/certificates-trusted-root#to-create-a-trusted-certificate-profile) with your converted certificate. @@ -333,7 +333,7 @@ To deploy a certificate to Microsoft Intune devices, you must convert your certi openssl x509 -inform PEM -in "$HOME\Downloads\certificate.pem" -outform DER -out "$HOME\Downloads\certificate.cer" ``` -3. In Microsoft Intune, [create a trusted certificate profile](https://learn.microsoft.com/mem/intune/protect/certificates-trusted-root#create-trusted-certificate-profiles) with your converted certificate. +3. In Microsoft Intune, [create a trusted certificate profile](https://learn.microsoft.com/mem/intune/protect/certificates-trusted-root#to-create-a-trusted-certificate-profile) with your converted certificate. From 45edce263df0bacd692ad4a9f5395f319d962409 Mon Sep 17 00:00:00 2001 From: Max Phillips Date: Mon, 11 Nov 2024 16:16:12 -0600 Subject: [PATCH 08/15] Update typos --- .../warp/user-side-certificates/manual-deployment.mdx | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx index 88bf5e8cae9525c..45b3a313c252493 100644 --- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx @@ -337,6 +337,8 @@ To deploy a certificate to Microsoft Intune devices, you must convert your certi +For more information, refer to the [Microsoft documentation](https://learn.microsoft.com/mem/intune/protect/certificates-trusted-root). + #### Jamf Pro To upload and deploy a Cloudflare certificate in Jamf Pro: @@ -353,7 +355,7 @@ To upload and deploy a Cloudflare certificate in Kandji: #### Hexnode -To upload and deploy a Cloudflare certificate in Kandji: +To upload and deploy a Cloudflare certificate in Hexnode: 1. [Download a Cloudflare certificate](#download-the-cloudflare-root-certificate) in `.pem` format. 2. In Hexnode, follow the directions for adding the certificate to [macOS](https://www.hexnode.com/mobile-device-management/help/how-to-add-certificates-for-mac-devices-with-hexnode-mdm/), [iOS](https://www.hexnode.com/mobile-device-management/help/add-certificates-for-ios-devices-with-hexnode-mdm/), and/or [Android](https://www.hexnode.com/mobile-device-management/help/how-to-add-certificates-for-android-devices-using-hexnode-mdm/) devices. From 8e06b067d8df589f5fcd272523b3d808e92cf710 Mon Sep 17 00:00:00 2001 From: Max Phillips Date: Wed, 13 Nov 2024 14:50:39 -0600 Subject: [PATCH 09/15] Add Jamf procedure --- .../user-side-certificates/manual-deployment.mdx | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx index 45b3a313c252493..8ea550893ac30d2 100644 --- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx @@ -94,7 +94,7 @@ To install a Cloudflare certificate in macOS, you can use either the Keychain Ac 1. Download a Cloudflare certificate. 2. Open the `.crt` file in Keychain Access. If prompted, enter your local password. 3. In **Keychain**, choose the access option that suits your needs and select **Add**. -4. In the list of certificates, locate the newly installed certificate. Keychain Access will mark this certificate as not trusted. Right-click the certificate and select **Get Info**. +4. In the list of certificates, locate the newly installed certificate. Keychain Access will mark this certificate as not trusted. Right-select the certificate and select **Get Info**. 5. Select **Trust**. Under **When using this certificate**, select _Always Trust_. The root certificate is now installed and ready to be used. @@ -139,7 +139,7 @@ Windows offers two locations to install the certificate, each impacting which us | Local Machine Store | All users on the system | 1. [Download a Cloudflare certificate](#download-the-cloudflare-root-certificate). -2. Right-click the certificate file. +2. Right-select the certificate file. 3. Select **Open**. If a security warning appears, choose **Open** to proceed. 4. The **Certificate** window will appear. Select **Install Certificate**. 5. Now choose a Store Location. If a security warning appears, choose **Yes** to proceed. @@ -344,7 +344,13 @@ For more information, refer to the [Microsoft documentation](https://learn.micro To upload and deploy a Cloudflare certificate in Jamf Pro: 1. [Download a Cloudflare certificate](#download-the-cloudflare-root-certificate) in `.pem` format. -2. In Jamf Pro, [upload the certificate](https://learn.jamf.com/bundle/jamf-pro-documentation-current/page/SSL_Certificate.html) and deploy it across your devices. +2. In Jamf Pro, go to **Computers** > **Configuration Profiles** to create a computer configuration profile, or go to **Devices** > **Configuration Profiles** to create a mobile device configuration profile. Select **New**. +3. Name the profile, then select **Add** > **Certificate**. +4. Choose the certificate file. +5. Select **Scope**, then choose which devices or groups to deploy the certificate to. +6. Select **Save**. + +For more information, refer to the [Jamf Pro documentation](https://learn.jamf.com/bundle/jamf-pro-documentation-current/page/PKI_Certificates.html). #### Kandji From baae7a68164df8de5edaf92654324329c5b1320d Mon Sep 17 00:00:00 2001 From: Max Phillips Date: Wed, 13 Nov 2024 14:51:35 -0600 Subject: [PATCH 10/15] Undo search and replace --- .../warp/user-side-certificates/manual-deployment.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx index 8ea550893ac30d2..fa9071891383a45 100644 --- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx @@ -94,7 +94,7 @@ To install a Cloudflare certificate in macOS, you can use either the Keychain Ac 1. Download a Cloudflare certificate. 2. Open the `.crt` file in Keychain Access. If prompted, enter your local password. 3. In **Keychain**, choose the access option that suits your needs and select **Add**. -4. In the list of certificates, locate the newly installed certificate. Keychain Access will mark this certificate as not trusted. Right-select the certificate and select **Get Info**. +4. In the list of certificates, locate the newly installed certificate. Keychain Access will mark this certificate as not trusted. Right-click the certificate and select **Get Info**. 5. Select **Trust**. Under **When using this certificate**, select _Always Trust_. The root certificate is now installed and ready to be used. @@ -139,7 +139,7 @@ Windows offers two locations to install the certificate, each impacting which us | Local Machine Store | All users on the system | 1. [Download a Cloudflare certificate](#download-the-cloudflare-root-certificate). -2. Right-select the certificate file. +2. Right-click the certificate file. 3. Select **Open**. If a security warning appears, choose **Open** to proceed. 4. The **Certificate** window will appear. Select **Install Certificate**. 5. Now choose a Store Location. If a security warning appears, choose **Yes** to proceed. From 212caec6f4cb431c9668ea25f55bcbef682b9b45 Mon Sep 17 00:00:00 2001 From: Max Phillips Date: Thu, 14 Nov 2024 09:41:26 -0600 Subject: [PATCH 11/15] Add convert section --- .../manual-deployment.mdx | 59 ++++++++++--------- 1 file changed, 32 insertions(+), 27 deletions(-) diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx index fa9071891383a45..a018db2f7fadfcb 100644 --- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx @@ -73,6 +73,34 @@ openssl x509 -noout -fingerprint -sha256 -inform pem -in sha256 Fingerprint=F5:E1:56:C4:89:78:77:AD:79:3A:1E:83:FA:77:83:F1:9C:B0:C6:1B:58:2C:2F:50:11:B3:37:72:7C:62:3D:EF ``` +### Convert the certificate + +Some applications require a certificate formatted in the `.cer` file type to use it. You can convert downloaded certificates using [OpenSSL](https://www.openssl.org/): + +
+ +1. [Install OpenSSL](https://wiki.openssl.org/index.php/Compilation_and_Installation). +2. [Download a Cloudflare certificate](#download-the-cloudflare-root-certificate) in `.pem` format. +3. In a terminal, convert the certificate to DER format with the `.cer` file type: + + ```sh + openssl x509 -inform PEM -in ~/Downloads/certificate.pem -outform DER -out ~/Downloads/certificate.cer + ``` + +
+ +
+ +1. [Install OpenSSL for Windows](https://slproweb.com/products/Win32OpenSSL.html). +2. [Download a Cloudflare certificate](#download-the-cloudflare-root-certificate) in `.pem` format. +3. In a PowerShell terminal, convert the certificate to DER format with the `.cer` file type: + + ```powershell + openssl x509 -inform PEM -in "$HOME\Downloads\certificate.pem" -outform DER -out "$HOME\Downloads\certificate.cer" + ``` + +
+ ## Add the certificate to operating systems ### macOS @@ -309,33 +337,10 @@ Zero Trust integrates with several [mobile device management (MDM) software part #### Microsoft Intune -To deploy a certificate to Microsoft Intune devices, you must convert your certificate and create a trusted certificate profile. These steps require you to [download a Cloudflare certificate](#download-the-cloudflare-root-certificate) in `.pem` format. +To deploy a certificate to Microsoft Intune devices, you must convert your certificate and create a trusted certificate profile: -
- -1. Install [OpenSSL](https://www.openssl.org/). -2. In a terminal, convert the certificate to DER format with the `.cer` file type: - - ```sh - openssl x509 -inform PEM -in ~/Downloads/certificate.pem -outform DER -out ~/Downloads/certificate.cer - ``` - -3. In Microsoft Intune, [create a trusted certificate profile](https://learn.microsoft.com/mem/intune/protect/certificates-trusted-root#to-create-a-trusted-certificate-profile) with your converted certificate. - -
- -
- -1. Install [OpenSSL for Windows](https://slproweb.com/products/Win32OpenSSL.html). -2. In a PowerShell terminal, convert the certificate to DER format with the `.cer` file type: - - ```powershell - openssl x509 -inform PEM -in "$HOME\Downloads\certificate.pem" -outform DER -out "$HOME\Downloads\certificate.cer" - ``` - -3. In Microsoft Intune, [create a trusted certificate profile](https://learn.microsoft.com/mem/intune/protect/certificates-trusted-root#to-create-a-trusted-certificate-profile) with your converted certificate. - -
+1. [Download and convert a Cloudflare certificate](#convert-the-certificate) to DER format with the `.cer` file type. +2. In Microsoft Intune, [create a trusted certificate profile](https://learn.microsoft.com/mem/intune/protect/certificates-trusted-root#to-create-a-trusted-certificate-profile) with your converted certificate. For more information, refer to the [Microsoft documentation](https://learn.microsoft.com/mem/intune/protect/certificates-trusted-root). @@ -343,7 +348,7 @@ For more information, refer to the [Microsoft documentation](https://learn.micro To upload and deploy a Cloudflare certificate in Jamf Pro: -1. [Download a Cloudflare certificate](#download-the-cloudflare-root-certificate) in `.pem` format. +1. [Download and convert a Cloudflare certificate](#convert-the-certificate) to DER format with the `.cer` file type. 2. In Jamf Pro, go to **Computers** > **Configuration Profiles** to create a computer configuration profile, or go to **Devices** > **Configuration Profiles** to create a mobile device configuration profile. Select **New**. 3. Name the profile, then select **Add** > **Certificate**. 4. Choose the certificate file. From a0734524c3bd9b1da67b9a3949eb3f65aefc059e Mon Sep 17 00:00:00 2001 From: Max Phillips Date: Thu, 14 Nov 2024 09:57:23 -0600 Subject: [PATCH 12/15] Add Jamf suggestions --- .../user-side-certificates/manual-deployment.mdx | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx index a018db2f7fadfcb..feeb0fea85233aa 100644 --- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx @@ -82,7 +82,6 @@ Some applications require a certificate formatted in the `.cer` file type to use 1. [Install OpenSSL](https://wiki.openssl.org/index.php/Compilation_and_Installation). 2. [Download a Cloudflare certificate](#download-the-cloudflare-root-certificate) in `.pem` format. 3. In a terminal, convert the certificate to DER format with the `.cer` file type: - ```sh openssl x509 -inform PEM -in ~/Downloads/certificate.pem -outform DER -out ~/Downloads/certificate.cer ``` @@ -94,7 +93,6 @@ Some applications require a certificate formatted in the `.cer` file type to use 1. [Install OpenSSL for Windows](https://slproweb.com/products/Win32OpenSSL.html). 2. [Download a Cloudflare certificate](#download-the-cloudflare-root-certificate) in `.pem` format. 3. In a PowerShell terminal, convert the certificate to DER format with the `.cer` file type: - ```powershell openssl x509 -inform PEM -in "$HOME\Downloads\certificate.pem" -outform DER -out "$HOME\Downloads\certificate.cer" ``` @@ -350,10 +348,12 @@ To upload and deploy a Cloudflare certificate in Jamf Pro: 1. [Download and convert a Cloudflare certificate](#convert-the-certificate) to DER format with the `.cer` file type. 2. In Jamf Pro, go to **Computers** > **Configuration Profiles** to create a computer configuration profile, or go to **Devices** > **Configuration Profiles** to create a mobile device configuration profile. Select **New**. -3. Name the profile, then select **Add** > **Certificate**. -4. Choose the certificate file. -5. Select **Scope**, then choose which devices or groups to deploy the certificate to. -6. Select **Save**. +3. Add a name and description for the profile. +4. Choose whether you would like Jamf to install the certificate automatically or with self-service, and whether you would like to install the certificate for a single user or all users on the device. +5. Select **Add** > **Certificate**. Choose the certificate file. +6. Uncheck **Allow export from keychain**. +7. Select **Scope**, then choose which devices or groups to deploy the certificate to. +8. Select **Save**. For more information, refer to the [Jamf Pro documentation](https://learn.jamf.com/bundle/jamf-pro-documentation-current/page/PKI_Certificates.html). From 31000aa6736eb702c8c8e68713947bee2781d3dd Mon Sep 17 00:00:00 2001 From: Max Phillips Date: Thu, 14 Nov 2024 10:07:32 -0600 Subject: [PATCH 13/15] Edit convert preamble --- .../warp/user-side-certificates/manual-deployment.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx index feeb0fea85233aa..42c6e96c13393f2 100644 --- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx @@ -75,7 +75,7 @@ sha256 Fingerprint=F5:E1:56:C4:89:78:77:AD:79:3A:1E:83:FA:77:83:F1:9C:B0:C6:1B:5 ### Convert the certificate -Some applications require a certificate formatted in the `.cer` file type to use it. You can convert downloaded certificates using [OpenSSL](https://www.openssl.org/): +Some applications require a certificate formatted in the `.cer` file type. You can convert your downloaded certificate using [OpenSSL](https://www.openssl.org/):
From 441d9b7b1e089dc2d1f351057538bfd41c4ec4e1 Mon Sep 17 00:00:00 2001 From: Max Phillips Date: Thu, 14 Nov 2024 11:50:56 -0600 Subject: [PATCH 14/15] Remove unnecessary info --- .../warp/user-side-certificates/manual-deployment.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx index 42c6e96c13393f2..d9c044b00d2f062 100644 --- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx @@ -335,7 +335,7 @@ Zero Trust integrates with several [mobile device management (MDM) software part #### Microsoft Intune -To deploy a certificate to Microsoft Intune devices, you must convert your certificate and create a trusted certificate profile: +To upload and deploy a Cloudflare certificate in Microsoft Intune: 1. [Download and convert a Cloudflare certificate](#convert-the-certificate) to DER format with the `.cer` file type. 2. In Microsoft Intune, [create a trusted certificate profile](https://learn.microsoft.com/mem/intune/protect/certificates-trusted-root#to-create-a-trusted-certificate-profile) with your converted certificate. From 77f6cbf270327c69e7cd4cde8862eb8af27e572f Mon Sep 17 00:00:00 2001 From: Max Phillips Date: Thu, 14 Nov 2024 14:19:39 -0600 Subject: [PATCH 15/15] Switch details to tabs --- .../manual-deployment.mdx | 54 ++++++++++--------- 1 file changed, 30 insertions(+), 24 deletions(-) diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx index d9c044b00d2f062..0899635454901fd 100644 --- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx @@ -77,7 +77,8 @@ sha256 Fingerprint=F5:E1:56:C4:89:78:77:AD:79:3A:1E:83:FA:77:83:F1:9C:B0:C6:1B:5 Some applications require a certificate formatted in the `.cer` file type. You can convert your downloaded certificate using [OpenSSL](https://www.openssl.org/): -
+ + 1. [Install OpenSSL](https://wiki.openssl.org/index.php/Compilation_and_Installation). 2. [Download a Cloudflare certificate](#download-the-cloudflare-root-certificate) in `.pem` format. @@ -86,9 +87,9 @@ Some applications require a certificate formatted in the `.cer` file type. You c openssl x509 -inform PEM -in ~/Downloads/certificate.pem -outform DER -out ~/Downloads/certificate.cer ``` -
+ -
+ 1. [Install OpenSSL for Windows](https://slproweb.com/products/Win32OpenSSL.html). 2. [Download a Cloudflare certificate](#download-the-cloudflare-root-certificate) in `.pem` format. @@ -97,7 +98,8 @@ Some applications require a certificate formatted in the `.cer` file type. You c openssl x509 -inform PEM -in "$HOME\Downloads\certificate.pem" -outform DER -out "$HOME\Downloads\certificate.cer" ``` -
+ + ## Add the certificate to operating systems @@ -114,7 +116,6 @@ In macOS, you can choose the keychain in which you want to install the certifica To install a Cloudflare certificate in macOS, you can use either the Keychain Access application or a terminal. Both methods require you to [download a certificate](#download-the-cloudflare-root-certificate) in `.crt` format. - 1. Download a Cloudflare certificate. @@ -148,7 +149,6 @@ echo | sudo tee -a /etc/ssl/cert.pem < Cloudflare_CA.pem The root certificate is now installed and ready to be used. - :::note[Change certificate access scope] @@ -525,7 +525,8 @@ If you use Kaniko with Google Cloud SDK, you must install a Cloudflare certifica To trust the Cloudflare root certificate in the Google Drive desktop application, follow the procedure for your operating system. These steps require you to [download the .pem certificate](#download-the-cloudflare-root-certificate). -
+ + 1. In the Finder menu bar, go to **Go** > **Go to Folder**. Enter `/Applications/Google Drive.app/Contents/Resources`. @@ -549,9 +550,9 @@ You can verify the update with the following command. defaults read /Library/Preferences/com.google.drivefs.settings ``` -
+ -
+ 1. In File Explorer, go to `\Program Files\Google\Drive File Stream\\config\`. @@ -575,7 +576,8 @@ You can verify the update with the following command. reg QUERY "HKEY_LOCAL_MACHINE\Software\Google\DriveFS" /v TrustedRootCertsFile" ``` -
+ + For more information, refer to the [Google documentation](https://support.google.com/a/answer/7644837) for the `TrustedRootCertsFile` setting. @@ -633,7 +635,8 @@ To install the Cloudflare root certificate on Eclipse IDE for Java Developers, y 3. Add the Cloudflare certificate to Eclipse's JVM: -
+ + 1. In a terminal, add the `java.home` value you copied as an environment variable. @@ -649,25 +652,26 @@ To install the Cloudflare root certificate on Eclipse IDE for Java Developers, y 3. Restart Eclipse. -
+ -
+ 1. In a terminal, add the `java.home` value you copied as an environment variable. -```powershell -set JAVA_HOME="\path\to\java.home" -``` + ```powershell + set JAVA_HOME="\path\to\java.home" + ``` 2. Run `keytool` to install and trust the Cloudflare certificate. -```powershell -"%JAVA_HOME%\bin\keytool.exe" -import -file "%UserProfile%\Downloads\Cloudflare_CA.crt" -alias CloudflareRootCA -keystore "%JAVA_HOME%\lib\security\cacerts" -storepass changeit -trustcacerts -noprompt -``` + ```powershell + "%JAVA_HOME%\bin\keytool.exe" -import -file "%UserProfile%\Downloads\Cloudflare_CA.crt" -alias CloudflareRootCA -keystore "%JAVA_HOME%\lib\security\cacerts" -storepass changeit -trustcacerts -noprompt + ``` 3. Restart Eclipse. -
+ + For more information on adding certificates to Eclipse with `keytool`, refer to [IBM's documentation](https://www.ibm.com/docs/en/ram/7.5.4?topic=client-adding-server-public-certificate-eclipse). @@ -675,7 +679,8 @@ For more information on adding certificates to Eclipse with `keytool`, refer to To trust the Cloudflare root certificate in RubyGems, follow the procedure for your operating system. These steps require you to [download a `.pem` certificate](#download-the-cloudflare-root-certificate). -
+ + 1. Install [OpenSSL](https://www.openssl.org/). @@ -699,9 +704,9 @@ To trust the Cloudflare root certificate in RubyGems, follow the procedure for y 5. Restart RubyGems. -
+ -
+ 1. Install [OpenSSL for Windows](https://slproweb.com/products/Win32OpenSSL.html). @@ -725,7 +730,8 @@ To trust the Cloudflare root certificate in RubyGems, follow the procedure for y 5. Restart RubyGems. -
+ + ### Minikube