Before you Begin

In order to get a CSAIL certificate, you need a CSAIL account. If you do not have one already, aren't sure if you do, or can't remember your password, please contact your system administrator or e-mail help@csail.mit.edu. If you can log in to login.csail.mit.edu, you have a CSAIL account.

Getting certificates

• Install authority certificates: By installing these certificates, your browser will be able to recognize and trust certificates signed by CSAIL. (see below for step by step instructions.)
• Request a CSAIL certificate for your browser ("personal certificate"): These certificates allow CSAIL Web servers to identify your browser, which is required in order to access certain files and applications.
• Back up your certificate: Although you can start viewing protected CSAIL files after the two steps above, you should always make a backup copy of your certificates and store it somewhere safe. This will allow you to use your certificates in more than one browser and in other applications such as electronic mail. It will also help you restore your access if for some reason your browser settings are corrupted.

Step by step instructions

We have specific instructions for the three most commonly used browsers in CSAIL.

• Mozilla Firefox
• Apple Safari
  • the iPhone's Safari requires some gymnastics for personal certs
• Microsoft Internet Explorer
  • Mobile IE behaves similarly to IE on the desktop
  • IE on Vista requires a workaround, however

Verifying the validity of the authority certificates

There is a printed copy of the Master CA certificate in the Reading Room available for your inspection. For convenience, the certificate checksums are also given below (but you should not trust this server any more than another):

  SHA-1: F91B A9CC 76F0 68EA 8131   5A08 10AB A637 B812 0792
    MD5: 0E88 F332 92DC 1DC2   91E7 0FC2 AD2A ADC4

Troubleshooting

You can visit https://inquir.csail.mit.edu/cgi-bin/check-certificate to check the certificate your browser is presenting to CSAIL Web servers. If your certificate is valid, this page will display information about it.

"Certificate expired" errors appear even though it is "valid through" a future date

The issuing Certificate Authority used to issue CSAIL certificates from July 2007 - May 2008 has itself expired in mid-July 2008, causing this error. Obtaining new certificates as described above should fix things, especially if also you delete your old certificates.

Error Code -12227

If you have an expired CSAIL certificate or are missing one completely, you'll get an error message similar to the following one when you try to access a certificate-protected page:

hostname has received an incorrect or unexpected message. Error Code: -12227

Solution: Delete any expired certificates you have and get a new one.

Topic CertificatesIntro . { Edit Attach Backlinks: Web All webs Printable History: r32 < r31 < r30 < r29 < r28 More }