import { CertificateDownload } from '../../../components/CertificateDownload'
# Installing Root CA
To ensure your browser trusts certificates issued by TrustLab, you must install our Root CA.
## Quick Installation (Recommended)
Instantly install all TrustLab Root & Intermediate certificates using our automated scripts.
import { Tabs } from 'nextra/components'
### Linux / Server (CLI)
Select your distribution to get the optimized installation command:
```bash
sudo apt update && sudo apt install -y curl && curl -sL https://cdn.trustlab.dyzulk.com/ca/bundles/trustlab-all.sh | sudo bash
```
```bash
(sudo yum install -y curl || sudo dnf install -y curl) && curl -sL https://cdn.trustlab.dyzulk.com/ca/bundles/trustlab-all.sh | sudo bash
```
```bash
sudo pacman -Sy --noconfirm curl && curl -sL https://cdn.trustlab.dyzulk.com/ca/bundles/trustlab-all.sh | sudo bash
```
```bash
curl -sL https://cdn.trustlab.dyzulk.com/ca/bundles/trustlab-all.sh | sudo bash
```
### Windows
[Download Auto-Installer (.bat)](https://cdn.trustlab.dyzulk.com/ca/bundles/trustlab-all.bat)
*Right-click and Run as Administrator explicitly.*
### macOS / iOS
[Download Configuration Profile (.mobileconfig)](https://cdn.trustlab.dyzulk.com/ca/bundles/trustlab-all.mobileconfig)
*Go to System Settings > Privacy & Security > Profiles to install after downloading.*
---
import { Steps } from 'nextra/components'
## Manual Installation Guide
If you prefer to install certificates manually, follow these steps for your operating system.
### Download the Certificate
Download the **[Root CA (.crt)](https://cdn.trustlab.dyzulk.com/ca/dydev-its-true.crt)** file.
### Open Certificate
Double-click the downloaded `dydev-its-true.crt` file. Click **"Install Certificate"**.
### Select Store Location
Select **"Local Machine"** (Requires Admin rights) and click Next.
### Browse Certificate Store
Choose **"Place all certificates in the following store"** and click **Browse**.
Select **Trusted Root Certification Authorities**.
### Finish
Click Next and Finish. The certificate is now installed system-wide.
### Download
Download the **[Root CA (.crt)](https://cdn.trustlab.dyzulk.com/ca/dydev-its-true.crt)** file.
### Add to Keychain
Double-click the file to open **Keychain Access**.
Select the **System** keychain.
### Trust the Certificate
Double-click the "DyDev Its True" (Root CA) in the list.
Expand the **Trust** section.
Change "When using this certificate" to **Always Trust**.
### Download
Download the **[Root CA (.crt)](https://cdn.trustlab.dyzulk.com/ca/dydev-its-true.crt)** or **[DER Format](https://cdn.trustlab.dyzulk.com/ca/dydev-its-true.der)**.
### Install via Settings
Go to **Settings** > **Security** > **Encryption & Credentials**.
Tap **Install a certificate** > **CA Certificate**.
### Select File
Select "Install anyway" if prompted, then choose the downloaded file.
### Download
Download the **[Root CA (.crt)](https://cdn.trustlab.dyzulk.com/ca/dydev-its-true.crt)** file.
### Install (Debian/Ubuntu)
Copy the file to the CA directory:
```bash
sudo cp dydev-its-true.crt /usr/local/share/ca-certificates/trustlab-root.crt
```
### Update Store
Update the CA store:
```bash
sudo update-ca-certificates
```
*For RHEL/CentOS, copy to `/etc/pki/ca-trust/source/anchors/` and run `update-ca-trust`.*
## Intermediate Certificates
In most cases, installing the Root CA is sufficient for client trust. However, for server configuration or specific use cases, you may need the Intermediate CAs.
| Certificate | Algorithm | Download |
| :--- | :--- | :--- |
| **TrustLab Intermediate CA** | RSA 4096 | **[Download (.crt)](https://cdn.trustlab.dyzulk.com/ca/trustlab-intermediate-ca-4096.crt)** |
| **TrustLab Intermediate CA** | RSA 2048 | **[Download (.crt)](https://cdn.trustlab.dyzulk.com/ca/trustlab-intermediate-ca-2048.crt)** |