Installing the WACAN SSL Certificate Authority


WACAN operates a SSL Certificate Authority, which allows us to issue SSL certificates for nodes on our network. In order for this to work correctly, you will need to add our “Root Certificate” to your computer. This will allow your machine to trust any certificates we issue.

Why do you need your own CA?

Unfortunately, none of the normal Certificate Authorities will allow us to generate certificates inside our custom TLD (wa.can); so we have to create our own. Running our own CA also allows us to issue any certificate we choose, without any additional cost to the association.

How to Install

I’ve documented the installation procedure for Windows, IOS, and Mac OS.


  • Go to and Download the file to your Downloads Folder.

  • Open your downloads folder, right click on the certificate file and click ‘Install Certificate

  • The Certificate Import Wizard will appear, click ‘Local Machine’, then click Next.

  • Your machine may prompt you to confirm you’d like to allow the program to make changes, please click Yes

  • Click “Place all certificates in the following store”, then click browse. Scroll until you see “Trusted Root Certification Authorities” and click OK

  • Ensure the window now looks as below, then click Next

  • Confirm everything looks the same as below, then click Finish… and we’re done!

Mac OS

  • Go to and Download the file to your Downloads Folder.

  • Open the downloaded file

  • You will be prompted to add the certificate to your keychain, select the ‘System’ Keychain and click Add

  • You will be prompted for your computer’s password, Enter it and click Modify Keychain

  • Your keychain will open. Once it has opened, click Always Trust

  • Close Keychain.




  • Go to and Download the file to your Downloads Folder.
  • Open a terminal session and install NSS command line tools: sudo apt-get install libnss3-tools
  • Import certificate: certutil -d sql:$HOME/.pki/nssdb -A -t “C,” -n WACAN -i ~/Downloads/wacan_public_key.cer
  • Check that the certificate has been imported using: certutil -d sql:$HOME/.pki/nssdb -L