Cookies on this website

We use cookies to ensure that we give you the best experience on our website. If you click 'Accept all cookies' we'll assume that you are happy to receive all cookies and you won't see this message again. If you click 'Reject all non-essential cookies' only necessary cookies providing core functionality such as security, network management, and accessibility will be enabled. Click 'Find out more' for information on how to change your cookie settings.

How to install the FMRIB TLS signing certificate onto your computer on web browser to avoid certificate errors/warnings when using particular FMRIB services.


When using some FMRIB services you will need to trust our Certificate Authority signing certificate otherwise your web browser will display warnings and prevent you accessing the services. This section provides instructions for importing this certificate into various operating systems or (where appropriate) web browsers.

If your environment is not covered by the above then contact computing-help for advice.

How to install the FMRIB CA certificate into Windows 10/11


Download the WIN authentication certificate and double-click the file. Windows will display the certificate details:

Issued to: Certificate Authority

Issued by: Certificate Authority

Valid from 09/04/2019 to 09/04/2039

Confirm that the certificate is correct by clicking on the Details tab and then Issuer. This should display:

CN = Certificate Authority


And the Thumbprint:


Return to the General tab and click on 'Install Certificate'. This will launch the certificate import wizard. For single user machines, 'Current User' is fine, multi-user machines should use Local Machine. Click Next.

Select Place all certificates in the following store and click Browse... Select, Trusted Root Certifications Authorities and click OK.

Installing the WIN CA certificate on macOS

Machines managed by Orchard already have the certificate installed. Any computer that can already authenticate to our ethernet networks and also has this certificate installed.

Other machines should download our CA Certificate and install using Apple's instructions. Once installed you need to trust the certificate.

In KeyChain Access, double click on the CA certificate 'Certificate Authority'. Check that the details are as follows:

Subject Name > Organisation IPA.FMRIB.OX.AC.UK

and in the Fingerprints at the bottom:

SHA-256: 0D E4 8E FA 21 E9 A8 16 CC 47 FB BE 27 65 19 DD 70 44 E9 3A 4E FD FE 81 87 28 70 9C 96 A5 E4 6B

Back at the top of the window, expand the Trust section. In here, change Secure Sockets Layer (SSL) to 'Always Trust'. Close the window and authenticate when prompted.

Installing the FMRIB Certificate Authority certificate into Firefox

Download our certificate from:

FMRIB CA Certificate

Then from the Firefox menu (three horizontal bars), choose Settings.

Click on the Padlock 'Privacy & Security' section and scroll down to Certificates. Click on 'View Certificates',

In the Certificate Manager window, make sure 'Authorities' is selected and then click on 'Import...'.

Browse to and select the certificate you downloaded above, use the 'View' option to confirm that the 'SHA-256' fingerprint is:

0D E4 8E FA 21 E9 A8 16 CC 47 FB BE 27 65 19 DD 70 44 E9 3A 4E FD FE 81 87 28 70 9C 96 A5 E4 6B

Return to the approval window, tick 'Trust this CA to identify web sites' and click OK.


How to install the FMRIB CA Certificate into the Chrome web browser

Chrome uses your operating system's certificate store, so make sure that your OS has the certificate already installed - see the macOS and Windows tabs.