Getting Certificates Instructions — Mozilla Firefox

Instructions

  1. (Optional, Recommended) Set a password in your browser for certificate storage by following the instructions below. This is important so that your certificate isn't stored unencrypted on disk in your home directory.
  2. Install CSAIL Master CA from this link.
  3. Generate and install your CSAIL client certificate at this link. You'll have to type your CSAIL Kerberos password; make sure you don't let Firefox save it.

Setting a Certificate Storage Password for Firefox

Prepare your browser to securely store the certificate. This process sets a password Firefox will use to encrypt your certificate, which is important in case somebody — perhaps due to incorrect permissions on your home directory, or physical access to a backup tape — gets access to your Firefox profile directory. If you think you’ve already set a password, you should still go through this process to make sure.

(If you happen to use multiple user profiles on Firefox, this password is specific to each profile. On the other hand, it applies to all client certificates within a profile, so if you also have an MIT Athena client certificate or a certificate for some other site, that will be encrypted with the same password. Most people only use one profile in Firefox, so you probably don't have to worry about this.)

  1. Open Firefox Preferences (GNU/Linux: Edit->Preferences. Mac: Firefox->Preferences. Windows: Firefox->Options->Options)
  2. Click on the "Advanced" tab and select one of the operating systems below for instruction on how to get to "Security Devices."
  3. Select "Software Security Device", then click Change Password.
  • If "Current password" is "(not set)", enter a password that will protect your client certificates. (If there is a current password you wish to keep, hit "Cancel"; if you don't know the password, see bottom section.)
  • Click "OK" twice to get back to the Encryption tab of Options->Advanced.
  • Under Certificates, choose "Select one automatically"

Troubleshooting

If you are experiencing strange issues, this could be caused by old or corrupt certificates. Please delete your CSAIL Client and Master Certificate Authority in order to redo the certificate install process. To begin, start Firefox and go to "Preferences" -> "Advanced" -> "Certificates" ("Encryption" on Mac and GNU/Linux on Firefox 22 and below) -> "View Certificates." Under the "Your Certificates" tab, highlight your MIT CSAIL Client Certificate and press the delete button in the menu below to delete it. Then, select the "Authorities" tab in the same Certificate Manager and locate the CSAIL Master Certificate Authority. Select the item and press the "Delete or Distrust..." button in the menu below.

Resetting the "software security device" password

  • If you've forgotten/misplaced the master password that guards your certificates, Firefox offers a way to reset that password. Use this as a last resort, as all information the password protects will be lost after it's reset.
  • Copy and paste this URL into your Address Bar: chrome://pippki/content/resetpassword.xul
Topic attachments
I Attachment Action Size Date Who Comment
Auto_Select.PNGPNG Auto_Select.PNG manage 24.0 K 05 Aug 2013 - 22:08 FrankZhou  
Certificate_Viewer.PNGPNG Certificate_Viewer.PNG manage 51.8 K 05 Aug 2013 - 17:51 FrankZhou  
Delete_Client_Certificate_Linux.PNGPNG Delete_Client_Certificate_Linux.PNG manage 93.3 K 08 Aug 2013 - 17:15 FrankZhou  
Delete_Client_Certificate_Mac.PNGPNG Delete_Client_Certificate_Mac.PNG manage 211.5 K 08 Aug 2013 - 17:16 FrankZhou  
Delete_Client_Certificate_Windows.PNGPNG Delete_Client_Certificate_Windows.PNG manage 171.7 K 08 Aug 2013 - 17:16 FrankZhou  
Delete_Master_Certificate_Linux.PNGPNG Delete_Master_Certificate_Linux.PNG manage 133.5 K 08 Aug 2013 - 17:16 FrankZhou  
Delete_Master_Certificate_Mac.PNGPNG Delete_Master_Certificate_Mac.PNG manage 313.1 K 08 Aug 2013 - 17:16 FrankZhou  
Delete_Master_Certificate_Windows.PNGPNG Delete_Master_Certificate_Windows.PNG manage 174.6 K 08 Aug 2013 - 17:16 FrankZhou  
Downloading_Certificate.PNGPNG Downloading_Certificate.PNG manage 35.4 K 05 Aug 2013 - 17:37 FrankZhou  
Firefox_Advanced_Linux.PNGPNG Firefox_Advanced_Linux.PNG manage 53.2 K 05 Aug 2013 - 22:01 FrankZhou  
Firefox_Advanced_Mac.PNGPNG Firefox_Advanced_Mac.PNG manage 127.5 K 06 Aug 2013 - 15:40 FrankZhou  
Firefox_Advanced_Windows.PNGPNG Firefox_Advanced_Windows.PNG manage 28.6 K 05 Aug 2013 - 21:55 FrankZhou  
Firefox_Options.pngpng Firefox_Options.png manage 16.3 K 05 Aug 2013 - 21:27 FrankZhou  
Firefox_Options_Linux.PNGPNG Firefox_Options_Linux.PNG manage 70.6 K 05 Aug 2013 - 21:37 FrankZhou  
Firefox_Options_Mac.PNGPNG Firefox_Options_Mac.PNG manage 53.9 K 06 Aug 2013 - 15:27 FrankZhou  
Set_Password_Windows.PNGPNG Set_Password_Windows.PNG manage 43.7 K 05 Aug 2013 - 22:15 FrankZhou  
Submitting_Client_Cert_Request.PNGPNG Submitting_Client_Cert_Request.PNG manage 64.9 K 05 Aug 2013 - 21:45 FrankZhou  
Topic revision: 14 May 2015, JasonDorfman
 

MIT Computer Science and Artificial Intelligence Laboratory

 

  • About CSAIL
  • Research
  • News + Events
  • Resources
  • People

This site is powered by Foswiki MIT: Massachusetts Institute of Technology