How to Install the Cato Certificate

To install the Cato Certificate, download it from the Cato Client download portal and add it to your device's operating system certificate store.

Installing the Cato Certificate

You can download the Cato certificate from the Client download portal and install it on the required devices.

  • Select Cato Client, and then choose the operating system.
download_cert.png

Installing the certificate will add it to the relevant operating system store (ie. Keychain for macOS, Certificate Management for Windows)

In case you're running third party tools which requires and manages its own certificate system, you'll need to import it there as well.

Few examples with references:

  • Java SE - You will be required to push the certificate to the Java cert store as well:

    115002657409-mceclip0.png

    Or using the keytool - https://docs.oracle.com/javase/tutorial/security/toolsign/rstep2.html

  • InteliJ - https://intellij-support.jetbrains.com/hc/en-us/community/posts/206153629-How-to-add-a-SSL-root-certificate-to-IDEA-on-OS-X-?sort_by=votes
  • Git - http://stackoverflow.com/questions/9008309/how-do-i-set-git-ssl-no-verify-for-specific-repos-only
  • Firefox - https://wiki.mozilla.org/CA:AddRootToFirefox

Known Issues

  • Unable to install the certificate. Error: "Couldn't install because certificate file couldn't be read"

    • Workaround: Install a certificate from Settings/Additional Settings/Privacy/Install certificate from SD/Choose the relevant certificate

Installing Root CA Certificate to Firefox_ARCHIVED

Starting with version 120, Firefox can automatically trust third-party root certificates installed in the OS certificate store. For more information, see the Mozilla documentation.

To manually install the Cato certificate to Firefox:

  1. From the browser options menu, click Settings.
  2. Search for Certificates and click View Certificates.
  3. In the Authorities tab, click Import.

  4. Browse to where you stored the Cato root certificate and select it and click Open.

    This should resolve any certificate issues with TLS inspection in Firefox.

Was this article helpful?

4 out of 8 found this helpful

4 comments

Date Votes
  • Comment author
    carter.terry

    You have an article about installing the certificate and show screenshot of “easy installation page” but include no link to the page?!? Really? Very unhelpful.

  • Comment author
    Yaakov Simon

    carter.terry - Good point. We updated the article and added a link to the Cato Client download portal where you can download the Cato certificate.

  • Comment author
    Aiman Almesbahi

    Do I have to install the CATO certificate on guest devices connected to our guest Wi-Fi ( not much restricted internet)?

  • Comment author
    Yaakov Simon

    Aiman Almesbahi  Thanks for the question!

    To avoid the requirement of installing the Cato cert on guest devices connected to the corporate Guest Wifi, make sure that the Guest Wifi network is excluded from TLS Inspection and the Client Connectivity policy. For example, create a TLS Bypass rule where the source IP is their guest WiFi ranges.