Installing the Bogen Digital Certification Authority
When your client (e.g., a web browser) connects to the Bogen device’s web application, the device’s digital certificate is sent to the client to authenticate the identity of the device’s web application. The client uses the Bogen Certification Authority (CA) certificate to authenticate the device’s digital certificate, which verifies that the client is connecting to a valid server. If you do not install the Bogen CA certificate, the browser will display a warning that it was unable to authenticate the server, displaying a red Not secure warning immediately to the left of the browser’s address bar when you attempt to access the Bogen device.
Installing Certification Authority on Windows System
To download and install the Certification Authority on a Windows device:
1From your Chrome or Edge browser, type http://<device>/ssl/bogenCA.crt in the address bar, where <device> is the Nyquist device’s IP address or DNS name (for example, http://192.168.1.0/ssl/bogenCA.crt).
2Select the downloaded file and select Open.
3Select Open when prompted with “Do you want to open this file?”
4Select the Install Certificate... button. The Certificate Import Wizard starts.
5Select Current User, and then select Next.
Note: To allow all users on this Windows client to access the Nyquist device, select Local Machine instead of Current User. You may be prompted for administrator credentials.
6Select “Place all certificates in the following store”, then select Browse.
7Select Trusted Root Certification Authorities, and then select OK.
8Select Next.
9Select Finish.
10Restart the browser and log in to the device’s web application.
You can also download and install the Certification Authority using a PowerShell command prompt or script, which involves fewer steps. To download the certificate to a CRT file, execute the following PowerShell command, replacing <device> with the IP address or DNS name of the Nyquist device: Invoke-WebRequest -Uri http://<device>/ssl/bogenCA.crt -OutFile $env:TEMP\bogenCA.crt If you wish to validate the certificate before importing it, execute the following command after retrieving the CRT file: (New-Object -TypeName Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList "$env:temp\bogenCA.crt").GetCertHashString() The output will be the hash value (i.e., thumbprint) of the downloaded certificate, which should match the following (as of the current release): 0A8248F69D970F8DD855D0E0592972DA64B1A845 To install the certificate for the current user, execute the following command: Import-Certificate -CertStoreLocation cert:\CurrentUser\Root -FilePath $env:TEMP\bogenCA.crt That command installs the CA certificate into the CurrentUser certificate store, which only applies to the current user. To install the certificate for all users on this machine, which requires administrator privileges to execute, execute the following command: Import-Certificate -CertStoreLocation cert:\LocalMachine\Root -FilePath $env:TEMP\bogenCA.crt Note: These commands can also be executed remotely using PowerShell Remoting, which may be helpful if the certificate needs to be installed on many client machines. |
Installing Certification Authority on Mac System
To download and install the Certification Authority on a Mac:
1From your Chrome or Edge browser, type http://<device>/ssl/bogenCA.crt in the address bar, where <device> is the Nyquist system device’s IP address or DNS name (for example, http://192.168.1.0/ssl/bogenCA.crt).
2Save the downloaded bogenCA.crt file to the desktop.
3Double-click the certificate file on the desktop.
The Keychain Access App opens.
4Double-click the certificate to reveal the trust settings.
5Change the top trust setting to Always Trust.
6Close the Trust Setting window and enter the computer administrative password to save.
7Restart the browser and log in to the Nyquist web application.
Installing Certification Authority on an Android Device
Note: The Android device WiFi must be connected to the same network as the Nyquist Server.
To download and install the Certification Authority on an Android device:
1From your Chrome or Edge browser, type http://<device>/ssl/bogenCA.crt in the address bar, where <device> is the Nyquist device’s IP address or DNS name (for example,
http://192.168.1.0/ssl/bogenCA.crt).
2If prompted, verify your identity (e.g., enter your PIN or fingerprint).
3Type a certificate name (e.g., “Bogen CA”), specify “VPN and apps” under “Used for”, and select OK to install the certificate.
Installing Certification Authority on an iOS Device
Note: The iOS device WiFi must be connected to the same network as the Nyquist Server.
To download and install the Certification Authority on an iPhone Operating System (iOS) device:
1From your Safari browser, type http://<device>/ssl/bogenCA.crt in the address bar, where <device> is the Nyquist device’s IP address (for example, http://192.168.1.0/ssl/bogenCA.crt).
2Select Go.
3Select Allow when prompted to allow the download.
4Select Close after the notification that a profile was downloaded.
5Select Settings > General > VPN & Device Management.
6Select the Bogen CA certificate under DOWNLOADED PROFILE.
7Select Install.
8If prompted, enter your passcode.
9On the Warning page, select Install.
10Select Done.
11Select Settings > General > About > Certificate Trust Settings.
12Under ENABLE FULL TRUST FOR ROOT CERTIFICATES, Enable the switch next to Bogen CA.
The following steps outline how to view and verify the TLS/SSL certificate that was provided by the Nyquist device.
Important:The user interfaces for browsers change not infrequently, so the exact details may vary from what is described in the following instructions. Some security packages can also affect the information available, such as antivirus software that injects its own CA certificate in lieu of the website’s actual certificate, which has the effect of hiding the actual certificate from the user.
1Browse to the Bogen device’s web application in your browser (using Safari on iOS, Chrome or Edge on all other platforms).
2Select the lock icon on the address bar of the browser (to the left of the URL).
3Display the CA certificate by following one of the following steps:
a)On the Chrome or Edge browser, select Connection is secure, then select either Certificate is valid, the certificate icon, or Certificate information to display the Certificate Viewer dialog. Select the Details tab, then Bogen CA in the Certificate Hierarchy section.
b)On the Safari browser [MacOS or iOS only], select Show Certificate in the window that appears.
c)As an alternative on Android devices, select the Android system’s Settings > Biometrics and security > Other security settings >View security certificates, select the USER tab, and select the Bogen certificate.
4Verify that the Bogen CA certificate is selected and not the server certificate (the server certificate’s name will be an IP address). To verify that the certificate is valid, verify that the displayed fingerprint values match the following:
SHA-1: 0A 82 48 F6 9D 97 0F 8D D8 55 D0 E0 59 29 72 DA 64 B1 A8 45
SHA-256: 6B D0 D5 8D C8 F7 E8 03 9E A3 F1 52 32 1D 9C 5C 58 8B 4E FA DF 03 43 64 34 C2 6C 63 C5 4A AC 46