How do I install the Verax CA certificate?

  • 2 minute(s) read
Prev Next

To enable secure traffic inspection and enforcement, you must install the Verax CA certificate on each endpoint.

The certificate file is downloaded from your Verax Protect console.

File name: verax_ca.crt

Windows

1. Download the Certificate

Download verax_ca.crt from your Verax Protect console.

2. Open the Certificate

  • Double-click verax_ca.crt

  • Click Install Certificate

3. Certificate Import Wizard

When the wizard opens:

  1. Select Local Machine

  2. Click Next

  3. Approve the administrator prompt if shown

  4. Select Place all certificates in the following store

  5. Click Browse

  6. Choose Trusted Root Certification Authorities

  7. Click OK

  8. Click Next

  9. Click Finish

4. Confirm Installation

You should see the message:

“The import was successful.”

The Verax CA certificate is now installed.

macOS

1. Download the Certificate

Download verax_ca.crt from your Verax Protect console.

2. Open Keychain Access

  • Press Cmd + Space

  • Search for Keychain Access

  • Open the application

3. Select the Correct Keychain

In Keychain Access:

  • Select System under Keychains (left sidebar)

  • Select Certificates under Category

4. Import the Certificate

You can import the certificate in one of two ways:

Option A: Drag and Drop

  • Drag verax_ca.crt into the Keychain Access window

Option B: Import via Menu

  • Click File → Import Items…

  • Select verax_ca.crt

When prompted:

  • Enter your administrator password

5. Set the Certificate to Always Trust

After importing:

  1. Double-click the Verax CA certificate

  2. Expand the Trust section

  3. Set When using this certificate to Always Trust

  4. Close the certificate window

  5. Enter your administrator password again if prompted

The Verax CA certificate is now trusted by your system.

Firefox Configuration (Windows & macOS)

⚠️ Important:
Firefox uses its own certificate store and may not automatically trust certificates installed in the operating system.

If Firefox does not trust the Verax CA certificate, you must either:

  • Enable security.enterprise_roots.enabled, or

  • Import the Verax CA certificate directly into Firefox.

This allows Firefox to trust certificates installed in the OS certificate store.

Steps

  1. Open Firefox

  2. In the address bar, type:

    about:config

  3. Click Accept the Risk and Continue

  4. In the search box, type:

    security.enterprise_roots.enabled

If the preference exists:

  • Click the toggle button so it is set to true

If the preference does not exist:

  1. Click the + (plus) icon

  2. Select Boolean

  3. Set the value to true

  4. Restart Firefox

Note

If the setting appears locked, it is being enforced by company policy. In that case, update the policy configuration or proceed with importing the Verax CA directly into Firefox.

Option 2 – Import the Verax CA into Firefox

If enabling security.enterprise_roots.enabled is not possible, import the certificate manually.

Steps

  1. Open Firefox

  2. Click the ☰ menu (top-right)

  3. Select Settings

  4. Search for Certificates

  5. Click View Certificates

  6. Go to the Authorities tab

  7. Click Import

  8. Select the CA certificate downloaded from your Verax Protect console

When prompted:

  • Check Trust this CA to identify websites

  • Click OK

  1. Restart Firefox