Secure Web resources generally don't accept Kerberos credentials directly. Obtaining Web Certificates (below) is necessary for authentication to CSAIL secure websites, and various related purposes.
Getting certificates
- Install authority certificate
- Installing this certificate, known as "Master CA", lets your browser recognize and trust secure CSAIL websites. (Click YES to any "trust" checkboxes, even if you skip the "step by step instructions" below.)
- Ensure that you have a CSAIL account.
- If you do not have one already, aren't sure if you do, or can't remember your password, please contact your system administrator or e-mail help@csail.mit.edu. If you can log in to
login.csail.mit.edu, you have a CSAIL account.
- If you do not have one already, aren't sure if you do, or can't remember your password, please contact your system administrator or e-mail help@csail.mit.edu. If you can log in to
- Request a CSAIL client certificate for your browser
- Installing this certificate in your browser allows CSAIL Web servers to identify your browser as representing you. Most secure CSAIL websites require your CSAIL client certificate to function, as do particular files on otherwise public CSAIL websites.
- Back up your certificate (optional)
- You can now start viewing protected CSAIL files. However, if you expect to use your certificates for encrypting or signing documents or electronic mail, you may wish to make a backup copy of your client certificate and store it somewhere safe.
Step by step instructions
We have specific instructions for the most commonly used browsers at CSAIL.- Mozilla Firefox
- Apple Safari
- iPhone ("Mobile Safari")
- Microsoft Internet Explorer
- IE on Windows XP (or on Windows Mobile devices)
- Workaround for Windows Vista, Windows 7, etc.
- Google Chrome/Windows
Verifying the validity of the authority certificates
There is a printed copy of the Master CA certificate available for your inspection at the TIG Help Desk (32-276). For convenience, the certificate checksums are also given below (but you should not trust this server any more than another):
SHA-1: F91B A9CC 76F0 68EA 8131 5A08 10AB A637 B812 0792
MD5: 0E88 F332 92DC 1DC2 91E7 0FC2 AD2A ADC4
Troubleshooting
You can visit https://inquir.csail.mit.edu/cgi-bin/check-certificate to check the client certificate your browser is presenting to CSAIL Web servers. If your certificate is valid, this page will display information about it.Error Codes
- Firefox 3:
Secure Connection Failed...Error code: ssl_error_handshake_failure_alert- Delete any expired client certificates you have and get a new one. The authority certificate is already installed correctly.
