--- title: "How do I install the Verax CA certificate?" slug: "installing-verax-ca-certificate" updated: 2026-06-07T14:09:31Z published: 2026-06-07T14:09:31Z --- > ## Documentation Index > Fetch the complete documentation index at: https://docs.verax.ai/llms.txt > Use this file to discover all available pages before exploring further. # How do I install the Verax CA certificate? To enable secure traffic inspection and enforcement, you must install the Verax CA certificate on each endpoint. The certificate file is downloaded from your **Verax Protect console**. **File name:** `verax_ca.crt` --- ## Windows ### 1. Download the Certificate Download `verax_ca.crt` from your Verax Protect console (**Settings → Traffic Redirect → Web Proxy)** ### 2. Open the Certificate - Double-click `verax_ca.crt` - Click **Install Certificate** ### 3. Certificate Import Wizard When the wizard opens: 1. Select **Local Machine** 2. Click **Next** 3. Approve the administrator prompt if shown 4. Select **Place all certificates in the following store** 5. Click **Browse** 6. Choose **Trusted Root Certification Authorities** 7. Click **OK** 8. Click **Next** 9. Click **Finish** ### 4. Confirm Installation You should see the message: > “The import was successful.” The Verax CA certificate is now installed. --- ## macOS ### 1. Download the Certificate Download `verax_ca.crt` from your Verax Protect console (**Settings → Traffic Redirect → Web Proxy)** ### 2. Open Keychain Access - Press **Cmd + Space** - Search for **Keychain Access** - Open the application ### 3. Select the Correct Keychain In Keychain Access: - Select **System** under *Keychains* (left sidebar) - Select **Certificates** under *Category* ### 4. Import the Certificate You can import the certificate in one of two ways: **Option A: Drag and Drop** - Drag `verax_ca.crt` into the Keychain Access window **Option B: Import via Menu** - Click **File → Import Items…** - Select `verax_ca.crt` When prompted: - Enter your administrator password ### 5. Set the Certificate to Always Trust After importing: 1. Double-click the **Verax CA** certificate 2. Expand the **Trust** section 3. Set **When using this certificate** to **Always Trust** 4. Close the certificate window 5. Enter your administrator password again if prompted The Verax CA certificate is now trusted by your system. --- ## Firefox Configuration (Windows & macOS) ⚠️ **Important:** Firefox uses its own certificate store and may not automatically trust certificates installed in the operating system. If Firefox does not trust the Verax CA certificate, you must either: - Enable `security.enterprise_roots.enabled`, or - Import the Verax CA certificate directly into Firefox. --- ### Option 1 – Enable `security.enterprise_roots.enabled` (Recommended) This allows Firefox to trust certificates installed in the OS certificate store. ### Steps 1. Open **Firefox** 2. In the address bar, type: ```plaintext about:config ``` 3. Click **Accept the Risk and Continue** 4. In the search box, type: ```plaintext security.enterprise_roots.enabled ``` ### If the preference exists: - Click the toggle button so it is set to **true** ### If the preference does not exist: 1. Click the **+ (plus)** icon 2. Select **Boolean** 3. Set the value to **true** 4. Restart Firefox ### Note If the setting appears **locked**, it is being enforced by company policy. In that case, update the policy configuration or proceed with importing the Verax CA directly into Firefox. --- ### Option 2 – Import the Verax CA into Firefox If enabling `security.enterprise_roots.enabled` is not possible, import the certificate manually. ### Steps 1. Open **Firefox** 2. Click the **☰ menu** (top-right) 3. Select **Settings** 4. Search for **Certificates** 5. Click **View Certificates** 6. Go to the **Authorities** tab 7. Click **Import** 8. Select the CA certificate downloaded from your Verax Protect console When prompted: - Check **Trust this CA to identify websites** - Click **OK** 1. Restart Firefox