VPN users: Fermilab certificates for non-centrally managed Macs

VPN will require use of multifactor authentication via a YubiKey or RSA token beginning Aug. 5.

For those VPN users who have Mac devices that are not centrally managed by Fermilab, you must take the actions described below in order to use your YubiKey or RSA token.


• Before Aug. 5, you must make sure you have the most up-to-date versions of two certificates, the Fermilab Root CA certificate and the FERMI CA certificate by following the instructions in this article:
• Many of you likely installed the Fermilab Root CA certificate a few months ago when we notified you at that time. If not, you must do that now.
• Be sure to install both certificates on each device on which you use VPN. If you have more than one version of either certificate, please remove the older version as some users have experienced issues when multiple versions of a certificate are installed.
• If you do not have a properly configured certificate, you will receive an error message when you attempt to log in to the VPN client.