Contact IPHC Website
Information Technology Security Certificate Installation

IPHC Root Certificate Authority

Install this certificate on your personal device to connect to the IPHC VPN and access internal resources without security warnings.

Who needs this? Employees connecting to the IPHC VPN or accessing internal websites from a personal device (laptop, phone, or tablet) that is not managed by IPHC IT. Devices enrolled in Intune or joined to the IPHC domain already have this certificate installed automatically.
Step 1

Download the Root Certificate

IPHC Internal Root CA
Issued by: iphc-IPHC-SEA-DC02-CA.iphc.int  ·  Valid until: 17 APR 2040  ·  Format: X.509 / PEM (.cer)
Download Certificate
SHA-256 Fingerprint — verify this after downloading
44:B5:10:05:FE:3D:35:54:35:D7:F2:FF:F4:48:6F:32:89:D2:BC:43:58:CF:A7:B7:B1:0C:D5:B2:DD:25:99:EF
After downloading, verify the fingerprint matches exactly before installing. If it does not match, do not install the file and contact IT.
Security note: Only install certificates you download directly from this page over a verified HTTPS connection. IPHC IT will never send certificate files by email, Slack, or any other messaging channel.
Step 2

Install the Certificate

Select your operating system for step-by-step instructions.

  1. Download the certificate file using the button above and note where it is saved (e.g. Downloads\IPHC-SEA-DC02-CA.cer).
  2. Double-click the downloaded .cer file. A certificate dialog will open. Click Install Certificate…
  3. In the Certificate Import Wizard, select Local Machine, then click Next.
    You may be prompted by UAC — click Yes to allow.
  4. Choose Place all certificates in the following store, click Browse, and select Trusted Root Certification Authorities. Click OK, then Next.
  5. Click Finish. You should see a dialog confirming "The import was successful."
  6. Restart any open browsers and then connect to the VPN. Certificate warnings should no longer appear.
  1. Download the certificate file and open it. Keychain Access will launch automatically and ask which keychain to use.
  2. Select the System keychain (so all users and browsers on this Mac trust it) and click Add.
    You will be prompted for your Mac admin password.
  3. In Keychain Access, locate the certificate under the System keychain. It will initially show a red ✕ indicating it is not trusted.
  4. Double-click the certificate, expand the Trust section, and set "When using this certificate" to Always Trust.
  5. Close the dialog and enter your password again to confirm. The certificate will now show a blue ✓.
  6. Quit and relaunch any open browsers, then connect to the VPN.
  1. Open this page in Safari on your iPhone or iPad and tap Download Certificate.
    Other browsers on iOS may not trigger the system certificate installer — use Safari.
  2. A prompt will say "This website is trying to download a configuration profile." Tap Allow.
  3. Go to Settings → General → VPN & Device Management and tap the downloaded profile under Downloaded Profile.
  4. Tap Install in the top-right corner, enter your device passcode if prompted, and tap Install again to confirm.
  5. Now enable full trust: go to Settings → General → About → Certificate Trust Settings.
  6. Under Enable Full Trust for Root Certificates, toggle on IPHC-SEA-DC02-CA and tap Continue on the warning dialog.
  1. Download the certificate file to your device. The exact steps vary by Android version and manufacturer.
  2. Go to Settings → Security (or Biometrics and Security on Samsung devices).
  3. Tap Install from device storage (or More security settings → Install from device storage).
  4. Browse to the downloaded .cer file and select it. If prompted for a certificate name, enter IPHC-SEA-DC02-CA.
  5. Select CA certificate as the credential use and tap Install anyway.
  6. Note: Chrome on Android uses the system trust store, but Firefox maintains its own. If using Firefox, you may also need to import the certificate within Firefox Settings → About Firefox → Certificates.
  1. Download the certificate and copy it to the system CA store directory:
    sudo cp IPHC-SEA-DC02-CA.cer /usr/local/share/ca-certificates/
  2. Update the CA bundle:
    sudo update-ca-certificates
    On RHEL/Fedora/CentOS: place the file in /etc/pki/ca-trust/source/anchors/ and run sudo update-ca-trust instead.
  3. Chrome / Chromium: Chrome on Linux uses the NSS certificate store. Import the certificate via Settings → Privacy and Security → Security → Manage certificates → Authorities → Import.
  4. Firefox: Firefox uses its own certificate store. Go to Settings → Privacy & Security → View Certificates → Authorities → Import and select the downloaded file. Check "Trust this CA to identify websites."
Step 3

Verify Installation

After installing, connect to the IPHC VPN and navigate to an internal site. You should see a padlock in your browser's address bar with no certificate warnings. If warnings persist, try restarting your browser fully (all windows) and reconnecting to the VPN.

If you continue to experience issues, contact the IT helpdesk at the address below.
Need help? Contact the IPHC IT Helpdesk  ·  IPHC_TechnologyServices@iphc.int