- Print
- PDF
Certificate Compatibility and Root Certificate Installation
- Print
- PDF
Available in Classic and VPC
Check Certificate Compatibility in advance
Operating system and software providers install the root certificate of a trusted certification authority in the root repository by default, enabling trusted SSL/TLS communication without installing a separate root certificate.
You can check in advance whether the operating system and software you are using are working normally by accessing the test website to which the issued certificate has been applied.
Please see Compatibility of Issued Certificates for a complete list of operating systems and software versions with compatible issued certificates.
Symptoms of certificate compatibility issues
If you use an operating system or software version that does not have the root certificate of NAVER Cloud Trust Services installed by default, the SSL/TLS certificate may be judged as an untrusted certificate, and communication may be abnormal or a warning may occur.
- Security warnings or exceptions occur when communicating with websites, applications, or APIs.
- Access may be blocked or errors may occur when communicating with websites, applications, or APIs.
When a compatibility issue occurs, it may differ depending on the software version, but usually the following error message or error code appears.
Examples of certificate compatibility issues for each software
Software | Error phrases or error codes | Root certificate update or manual installation targets |
---|---|---|
Google Chrome | NET::ERR_CERT_AUTHORITY_INVALID | (Chrome 105 or higher) Chrome browser itself (Chrome 105 or lower) Operating system with the Chrome browser installed |
Microsoft Edge | NET::ERR_CERT_AUTHORITY_INVALID | Operating system with the Edge browser installed |
Mozilla Firefox | SEC_ERROR_UNKNOWN_ISSUER | Firefox browser itself |
Apple Safari | A warning window saying the connected network is not private > click View Certificate > when you click the top level certificate, "This root certificate is not trusted" | Operating system with the Safari browser installed |
Google Android application | java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. | Android operating system |
JAVA application | PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target | JAVA TrustStore |
Resolving certificate compatibility issues
- Please check the root certificate update or manual installation targets in the examples of certificate compatibility issues for each software.
- Please update to a version that guarantees certificate compatibility or to the latest version. (Recommended first)
- If update is not possible, you must manually install and trust NAVER Cloud Trust Services root certificate.
- In a JAVA-based application environment, the root certificate must be installed manually for inter-server communication (e.g., REST API).
- Root certificate installation instructions for each software and operating system
Install Windows OS root certificate
To install the Windows OS root certificate, follow these steps:
- Download the NAVER root certificate.
- Please check the certificate information.
• NAVER Global Root Certification Authority – Public Key: RSA 4096 – Serial Number: 0194301EA20BDDF5C5332AB1434471F8D6504D0D – Fingerprint (SHA256): 88F438DCF8FFD1FA8F429115FFE5F82AE1E06E0C70C375FAAD717B34A49E7265 – Valid Until: 2037-08-19
- Execute the Local Machine certificate console (certlm.msc).
- Check after entering
certlm.msc
in Windows logo key + R > Execute; or - Browse >
certlm.msc
or search for "Computer certificate management" and execute it.
- Check after entering
- Run the certificate import wizard to add the NAVER root certificate to the trusted root certification authorities.
- Click Action > All operations > Import > File to import > "Browse" for the file name and change the file type to 'All files (.)' >
Select and open the NAVER root certificate (the name specified before downloading is naverrca1.der.) - At the certificate repository step, select "Save all certificates in the following repository" > Select "Trusted Root Certification Authorities" as the certificate repository > Next >
- check if the certificate repository, selected at the complete the certificate import wizard step, is "Trusted Root Certification Authority" and the file name is NAVER root certificate, and finish.
- Click Action > All operations > Import > File to import > "Browse" for the file name and change the file type to 'All files (.)' >
- Please check whether the NAVER root certificate has been normally imported.
- In the side menu to the left of certlm.msc, check whether the NAVER root certificate is included in the Certificate - Local Computer > Trusted Root Certification Authorities > Certificate folder.
- Please check whether the service or test website to which the issued certificate is applied works normally.
Install macOS root certificate
To install the macOS root certificate, follow these steps:
- Download the NAVER root certificate. Please check the certificate information.
• NAVER Global Root Certification Authority – Public Key: RSA 4096 – Serial Number: 0194301EA20BDDF5C5332AB1434471F8D6504D0D – Fingerprint (SHA256): 88F438DCF8FFD1FA8F429115FFE5F82AE1E06E0C70C375FAAD717B34A49E7265 – Valid Until: 2037-08-19
- Please execute the Keychain Access app.
- Click the system keychain.
- Drag the NAVER root certificate file onto the Keychain Access app.
- You may be asked to enter your computer administrator name and password or use Touch ID.
- After clicking the imported NAVER root certificate, click the Trust > Change SSL (Secure Sockets Layer) value from "Not the specified value" to "Always trust" > Close button.
- After closing, you may be asked to enter your computer administrator name and password or use Touch ID.
- Please check whether the service or test website to which the issued certificate is applied works normally.
Install iOS root certificate
To install the iOS root certificate, follow these steps:
Download the NAVER root certificate.
If "This website is trying to download the configuration profile. Will you allow this action?" pops up, please allow it.
- The profile is downloaded.
• NAVER Global Root Certification Authority – Public Key: RSA 4096 – Serial Number: 0194301EA20BDDF5C5332AB1434471F8D6504D0D – Fingerprint (SHA256): 88F438DCF8FFD1FA8F429115FFE5F82AE1E06E0C70C375FAAD717B34A49E7265 – Valid Until: 2037-08-19
Click Settings > Profile is downloaded > Install "NAVER Global Root Certification Authority" > Enter password > Install.
- You can check the certificate information in Details > Certificate at the profile installation step.
• NAVER Global Root Certification Authority – Public Key: RSA 4096 – Serial Number: 0194301EA20BDDF5C5332AB1434471F8D6504D0D – Fingerprint (SHA256): 88F438DCF8FFD1FA8F429115FFE5F82AE1E06E0C70C375FAAD717B34A49E7265 – Valid Until: 2037-08-19
Enable Settings > General > Information > Certificate trust settings > Enable all root certificates "NAVER Global Root Certification Authority."
Please check whether the service or test website to which the issued certificate is applied works normally.
Install Android OS root certificate
After downloading the certificate, install the NAVER root certificate as a user certificate in the terminal settings. It may differ depending on the manufacturer and OS version, but generally proceeds as follows:
Android 11
- Download the NAVER root certificate.
- Complete after Settings > Biometrics and security > Other security settings > Install the certificate saved on the device > CA certificate > Continue installation > Select the "naverrca1.der.crt" file in the path where you downloaded the certificate.
- The message "CA certificate has been installed" is displayed.
- Make sure Settings > Biometrics and security > Other security settings > Check certificate > User > "NAVER Global Root Certification Authority" certificate is displayed.
• NAVER Global Root Certification Authority – Public Key: RSA 4096 – Serial Number: 0194301EA20BDDF5C5332AB1434471F8D6504D0D – Fingerprint (SHA256): 88F438DCF8FFD1FA8F429115FFE5F82AE1E06E0C70C375FAAD717B34A49E7265 – Valid Until: 2037-08-19
- Please check whether the service or test website to which the issued certificate is applied works normally.
Android 10 or lower
- Download the NAVER root certificate.
- The certificate name window appears.
- Click Enter certificate name (example: naverrca1) > Select "VPN & Apps" in use > OK.
- You may be asked to enter a PIN, pattern, or password.
- The message "naverrca1 certificate has been installed" is displayed.
- Make sure Settings > Biometrics and security > Other security settings > Check certificate > User > "NAVER Global Root Certification Authority" certificate is displayed.
• NAVER Global Root Certification Authority – Public Key: RSA 4096 – Serial Number: 0194301EA20BDDF5C5332AB1434471F8D6504D0D – Fingerprint (SHA256): 88F438DCF8FFD1FA8F429115FFE5F82AE1E06E0C70C375FAAD717B34A49E7265 – Valid Until: 2037-08-19
- Please check whether the service or test website to which the issued certificate is applied works normally.
- The message saying, "If you haven't already set up a PIN, pattern, or password for the device, please do so," will be displayed.
- If the window for selecting the application to use appears when downloading the root certificate, select the Certificate Installation Wizard. Then, the certificate name is entered.
Install JAVA root certificate
To install the JAVA root certificate, follow these steps:
Download the NAVER root certificate.
Please check the certificate information.
• NAVER Global Root Certification Authority – Public Key: RSA 4096 – Serial Number: 0194301EA20BDDF5C5332AB1434471F8D6504D0D – Fingerprint (SHA256): 88F438DCF8FFD1FA8F429115FFE5F82AE1E06E0C70C375FAAD717B34A49E7265 – Valid Until: 2037-08-19
Please import the NAVER root certificate into truststore (cacerts) using the keytool command.
$ keytool -import -trustcacerts -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -noprompt -alias naverrca1 -file /downloaded/path/of/naverrca1.der
Description of options:
- In the -keystore option, enter the path where the cacerts file is located. In general, it is in the
/jdk{installed version}/jre/lib/security
folder in which JAVA is installed. - In the -storepass option, enter the keystore password. The default password is
changeit
. If you are using a different password, please enter that password. - If you enter the -noprompt option, the certificate is immediately added to the truststore without final confirmation of the certificate information. If you want to check the entered certificate information once again, exclude this option.
- The -alias option specifies the alias to use when storing the certificate in the truststore. Aliases must be unique.
- In the -file option, enter the NAVER root certificate file including the download path.
- In the -keystore option, enter the path where the cacerts file is located. In general, it is in the
Please check whether the JAVA application to which the issued certificate is applied works normally.
When the keytool command is executed in Windows, the java.io.FileNotFoundException: (Access is denied)
error may occur. Please execute the command prompt with administrator privileges.