Getting Certificates Instructions — Mozilla Firefox

Instructions

1. (Optional, Recommended) Set a password in your browser for certificate storage by following the instructions below. This is important so that your certificate isn't stored unencrypted on disk in your home directory.
2. Install CSAIL Master CA from this link.
3. Generate and install your CSAIL client certificate at this link. You'll have to type your CSAIL Kerberos password; make sure you don't let Firefox save it.

Setting a Certificate Storage Password for Firefox

Prepare your browser to securely store the certificate. This process sets a password Firefox will use to encrypt your certificate, which is important in case somebody — perhaps due to incorrect permissions on your home directory, or physical access to a backup tape — gets access to your Firefox profile directory. If you think you’ve already set a password, you should still go through this process to make sure.

(If you happen to use multiple user profiles on Firefox, this password is specific to each profile. On the other hand, it applies to all client certificates within a profile, so if you also have an MIT Athena client certificate or a certificate for some other site, that will be encrypted with the same password. Most people only use one profile in Firefox, so you probably don't have to worry about this.)

1. Open Firefox Preferences (GNU/Linux: Edit->Preferences. Mac: Firefox->Preferences. Windows: Firefox->Options->Options)
2. Click on the "Advanced" tab and select one of the operating systems below for instruction on how to get to "Security Devices."
3. Select "Software Security Device", then click Change Password.

• If "Current password" is "(not set)", enter a password that will protect your client certificates. (If there is a current password you wish to keep, hit "Cancel"; if you don't know the password, see bottom section.)
• Click "OK" twice to get back to the Encryption tab of Options->Advanced.
• Under Certificates, choose "Select one automatically"

Troubleshooting

If you are experiencing strange issues, this could be caused by old or corrupt certificates. Please delete your CSAIL Client and Master Certificate Authority in order to redo the certificate install process. To begin, start Firefox and go to "Preferences" -> "Advanced" -> "Certificates" ("Encryption" on Mac and GNU/Linux on Firefox 22 and below) -> "View Certificates." Under the "Your Certificates" tab, highlight your MIT CSAIL Client Certificate and press the delete button in the menu below to delete it. Then, select the "Authorities" tab in the same Certificate Manager and locate the CSAIL Master Certificate Authority. Select the item and press the "Delete or Distrust..." button in the menu below.

Resetting the "software security device" password

• If you've forgotten/misplaced the master password that guards your certificates, Firefox offers a way to reset that password. Use this as a last resort, as all information the password protects will be lost after it's reset.
• Copy and paste this URL into your Address Bar: chrome://pippki/content/resetpassword.xul