Getting Certificates Instructions - Apple Safari

HEY, YOU DON'T REALLY WANT TO DO THIS!

Safari is a great web browser, but it is fundamentally broken with regard to client-side certificates. It employs Apple Keychain, which makes it very difficult for Safari to distinguish between multiple client certificates. A spring 2008 security update made the situation worse. The moral of the story is that Safari will always "guess" the wrong certificate, after asking you about it, unless you create a "Security Preference" for each CSAIL- and/or MIT-affiliated website you ever plan to visit...so just use Firefox.

So there's really no point in reading this documentation unless you are planning on installing ONLY a CSAIL client certificate. The instructions below are also necessary for Mac OS devices to connect to the CSAILPrivate wireless network.

Prerequisites

If running MacOS 10.5 "Leopard", be sure to update to at least 10.5.4 to make Safari's certificate selection algorithm (described above) slightly less broken.

Installing Authority Certificates

  • Click Install authority certificates. master.cer will be downloaded to your Downloads folder (Desktop on 10.4).
  • Double-click master.cer.
  • Keychain Access will load. Choose X509Anchors if available (in 10.4), or System if not (in 10.5).
  • You may need to provide your password twice (first to install the certificate, then to trust it).
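
Trusting master.cer makes it a root for everything it signs, so it is worth checking the downloaded file before the double-click step. The script below is an added example, not part of the original instructions: it compares the certificate's SHA-256 fingerprint with a value you are assumed to have obtained out of band (the page does not publish one), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page). Requires the openssl CLI.
# Usage, after sourcing this file:
#   verify_ca_cert master.cer "<fingerprint obtained out of band>"

# Print the certificate's SHA-256 fingerprint as lowercase hex, no colons.
# Tries DER first (the usual encoding of .cer files), then PEM.
cert_sha256() {
    fp=$(openssl x509 -inform DER -in "$1" -noout -fingerprint -sha256 2>/dev/null) ||
    fp=$(openssl x509 -inform PEM -in "$1" -noout -fingerprint -sha256 2>/dev/null) ||
    return 2
    # Output looks like "sha256 Fingerprint=AB:CD:..."; keep what follows "=".
    printf '%s\n' "${fp#*=}" | tr -d ':' | tr 'A-F' 'a-f'
}

# Normalise a fingerprint pasted by a human: drop colons and whitespace,
# lowercase the hex digits.
normalise_fp() {
    printf '%s' "$1" | tr -d ': \t\n' | tr 'A-F' 'a-f'
}

# verify_ca_cert FILE EXPECTED_SHA256
# Returns 0 if the fingerprint matches and the certificate has not expired,
# 1 on mismatch (or a truncated expected value), 2 if the file cannot be
# parsed as a certificate, 3 if the certificate has expired.
verify_ca_cert() {
    actual=$(cert_sha256 "$1") || return 2
    expected=$(normalise_fp "$2")
    [ ${#expected} -eq 64 ] || return 1    # not a full SHA-256 value
    [ "$actual" = "$expected" ] || return 1
    # -checkend 0 fails when notAfter is already in the past.
    openssl x509 -inform DER -in "$1" -noout -checkend 0 >/dev/null 2>&1 ||
    openssl x509 -inform PEM -in "$1" -noout -checkend 0 >/dev/null 2>&1 ||
    return 3
    return 0
}
```

Install and trust the certificate in Keychain Access only when verify_ca_cert returns 0.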

Obtaining CSAIL (Personal) Certificates for your Browser

After installing your authority certificates, you have to obtain client certificates for your browser. This allows our network to identify you.

  • Click here to open the request page. If you are unsure whether the page you just opened is the correct page, click here to view what the request page should look like.
  • Make sure you read the directions on that page. They are fairly long, so here is a summary for the hurried:
    1. If this is your first time requesting a certificate in this browser, you will be asked to enter a password. This becomes your browser password, and should be chosen carefully, since anyone who knows this password can impersonate you.
    2. From the drop-down menu on that page, select the longest key length available.
    3. Click the submit button.
    4. After some time, you should notice one of two things:
      • Your browser has stopped: this means that the certificate transaction has been completed successfully.
      • You get an error message: this means that something is wrong with your browser.
  • If prompted, place the resulting certificate in the login Keychain.