Difference between revisions of "How To Install The Root Certificate"

From ECE Information Technology Services
(New ECE Root Certificate)
(Added instructions for iPhone and Google Chrome)
Line 22: Line 22:
  
  
===Internet Explorer on Windows and Safari on Windows===
+
===Internet Explorer, Safari, and Google Chrome on Windows===
 
To install the Root Certificate:
 
To install the Root Certificate:
  
# Click here, [http://help.ece.ubc.ca/CA.ece.ubc.ca.crt CA.ece.ubc.ca.crt].
+
# Click here, [http://help.ece.ubc.ca/CA.ece.ubc.ca.crt CA.ece.ubc.ca.crt], to download the certificate.
# If using Internet Explorer, click on the "Open" button in the dialog that appears.  If using Safari, double-click the ''CA.ece.ubc.ca.crt'' file that is saved to your Desktop to open it.
+
# Open the downloaded certificate.  If using Internet Explorer, click on the "Open" button in the dialog that appears.  If using Safari, double-click the ''CA.ece.ubc.ca.crt'' file that is saved to your Desktop to open it.  In Chrome, open the downloaded file through the status bar.
 
# In the "Details" tab, verify that the SHA1 thumbprint matches the one listed shown above.
 
# In the "Details" tab, verify that the SHA1 thumbprint matches the one listed shown above.
 
# In the "General" tab, click on the 'Install Certificate...' button in the window that opens.
 
# In the "General" tab, click on the 'Install Certificate...' button in the window that opens.
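Review bot: The download link in the rewritten step 1 is still plain http://, so the "Details" tab thumbprint comparison is the only integrity check the user has, and that step still reads "matches the one listed shown above". Fix the doubled wording to "listed above", and have the step say explicitly not to continue to 'Install Certificate...' if the thumbprint differs. The new Chrome sentence in step 2 is fine as written.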
Line 78: Line 78:
 
if necessary):
 
if necessary):
  
# From the "Tools" menu, select "Options..." to open the "Options" dialog
+
# From the "Tools" menu, select "Options..." to open the "Options" dialog box.
box.
 
 
# Click on the "Advanced" icon, then click on the "View Certificates" button to open the "Certificate Manager" dialog box.
 
# Click on the "Advanced" icon, then click on the "View Certificates" button to open the "Certificate Manager" dialog box.
 
# Select the "Authorities" tab.
 
# Select the "Authorities" tab.
Line 98: Line 97:
 
# If X509Anchors is not one of the keychains listed in the right hand pane, select "Add Keychain..." from the "Open" menu.  From the "File Open" dialog box, select ''/System/Library/Keychains/X509Anchors''.
 
# If X509Anchors is not one of the keychains listed in the right hand pane, select "Add Keychain..." from the "Open" menu.  From the "File Open" dialog box, select ''/System/Library/Keychains/X509Anchors''.
 
# Find the certificate you wish to manage / delete.  Our certificate appears under "ECE Certificate Authority."
 
# Find the certificate you wish to manage / delete.  Our certificate appears under "ECE Certificate Authority."
 +
 +
 +
===iPhone and iPod Touch (verified with iPhone OS 3.0)===
 +
To install the Root Certificate:
 +
 +
# Open this page in Safari, and open this link, [http://help.ece.ubc.ca/CA.ece.ubc.ca.crt CA.ece.ubc.ca.crt].  You should then see an "Install Profile" screen.
 +
# Tap "More Details", then select the certificate.  Verify the correctness of the signature (BC AD 39 E7 EA 98...) and key identifier (E6 D2 D9 0C 06...).
 +
# Go back to the "Install Profile" screen and tap the "Install" button.    [[File:RootCertIPhone1.jpg|160px|thumb|left|Opening the certificate]][[File:RootCertIPhone2.jpg|160px|thumb|right|Verifying the certificate]]
 +
<br style="clear: both" />
 +
 +
To manage already installed certificates (so that you can delete the old one, if necessary):
 +
 +
# Open the "Settings" application
 +
# Under ''General → Profiles'', select "ECE Certificate Authority".
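Review bot: Step 2 of the new iPhone section asks the user to check only truncated values, "BC AD 39 E7 EA 98..." and "E6 D2 D9 0C 06...", while every other platform section compares against the full SHA1 thumbprint. Either give the complete signature and key identifier values here or explain how they relate to the published fingerprints, since a prefix match is a weaker check. The management steps also stop at selecting "ECE Certificate Authority" without saying how to remove the profile, and step 1 there is missing its final period.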

Revision as of 16:49, 30 July 2009

Some of ECE's SSL-encrypted departmental and research group websites have server certificates which have been signed by the Department's Certificate Authority (CA). Being self-signed, the Department's Root Certificate is not recognized by any web browser, be it Mozilla Firefox, Internet Explorer or other. Therefore, your web browser will warn you that it cannot verify the identity of the webserver when accessing these websites.

To avoid these warnings, you should add the ECE Department's Root Certificate to your browser's list of trusted certificate authorities. After adding the Root Certificate, you should no longer receive warnings about our server certificates (until the ECE Root Certificate expires in May 2014).

To install the Root Certificate, please find application-specific instructions below. Please note that you may need to delete the previously installed ECE Certificate Authority certificate (aka Root Certificate) before installing the new one. Instructions on managing certificate authorities are included below.

Please ensure that the certificate you retrieve has the following fingerprint(s):

  • SHA1 Fingerprint=CF:E2:09:72:EF:E8:DC:43:03:19:0E:EB:FF:25:D7:62:CB:6F:57:D2
  • MD5 Fingerprint=87:56:19:C1:5D:A7:17:B5:C3:8A:E5:C8:3B:51:2A:4B
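
The fingerprint comparison can also be scripted before the file is opened in any browser. The following is an added example, not part of the original ECE page; it assumes the download was saved as CA.ece.ubc.ca.crt, and the function names are illustrative.

```python
import base64
import hashlib
import hmac
import re

# Fingerprints published on this page for CA.ece.ubc.ca.crt.
PUBLISHED = {
    "sha1": "CF:E2:09:72:EF:E8:DC:43:03:19:0E:EB:FF:25:D7:62:CB:6F:57:D2",
    "md5": "87:56:19:C1:5D:A7:17:B5:C3:8A:E5:C8:3B:51:2A:4B",
}
PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def to_der(raw: bytes) -> bytes:
    """Return DER bytes; a .crt file may hold either PEM text or raw DER."""
    m = PEM_RE.search(raw)
    if m:
        return base64.b64decode(b"".join(m.group(1).split()), validate=True)
    return raw


def fingerprint(der: bytes, algo: str) -> str:
    """Colon-separated upper-case hex digest of the DER encoding."""
    digest = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fp: str) -> bytes:
    """Drop any 'SHA1 Fingerprint=' label, separators and case differences."""
    return re.sub(r"[^0-9A-F]", "", fp.split("=")[-1].upper()).encode()


def check_certificate(raw: bytes, expected: dict = PUBLISHED) -> dict:
    """Map each algorithm to True/False; install only if every value is True."""
    der = to_der(raw)
    return {
        algo: hmac.compare_digest(normalize(fingerprint(der, algo)), normalize(want))
        for algo, want in expected.items()
    }


if __name__ == "__main__":
    import sys
    from pathlib import Path
    # With no argument, run on constructed bytes (not a real certificate).
    raw = Path(sys.argv[1]).read_bytes() if len(sys.argv) > 1 else b"constructed sample"
    result = check_certificate(raw)
    print(result, "OK to install" if all(result.values()) else "DO NOT install")
```

The check is only as trustworthy as the channel the published fingerprints were read from.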


Internet Explorer, Safari, and Google Chrome on Windows

To install the Root Certificate:

  1. Click here, CA.ece.ubc.ca.crt, to download the certificate.
  2. Open the downloaded certificate. If using Internet Explorer, click on the "Open" button in the dialog that appears. If using Safari, double-click the CA.ece.ubc.ca.crt file that is saved to your Desktop to open it. In Chrome, open the downloaded file through the status bar.
  3. In the "Details" tab, verify that the SHA1 thumbprint matches the one listed above.
  4. In the "General" tab, click on the 'Install Certificate...' button in the window that opens.

To manage already installed certificates (so that you can delete the old one, if necessary):

  1. In the Windows Control Panel, select "Internet Options" to open the "Internet Options" dialog box. (In Internet Explorer, the "Internet Options" dialog box can also be accessed via the "Tools" menu.)
  2. Select the "Content" tab and click on the "Certificates..." button to open the "Certificates" dialog box.
  3. Select the "Trusted Root Certification Authorities" tab.
  4. Find the certificate you wish to manage / remove. Our certificate appears as "ECE Certificate Authority".


Mozilla (verified with Mozilla version 1.7 and Netscape 7.1)

Note: The Netscape browser (6.0 and above) is a rebranded Mozilla browser.

To install the Root Certificate:

  1. Click here, CA.ece.ubc.ca.crt.
  2. On the dialog box that appears, check all three boxes:
       • Trust this CA to identify web sites.
       • Trust this CA to identify email users.
       • Trust this CA to identify software developers.
  3. Click on the "View" button and verify the SHA1 and MD5 thumbprints against those above.
  4. Click the "OK" button to install the certificate.


To manage already installed certificates (so that you can delete the old one, if necessary):

  1. From the "Edit" menu, select "Preferences..." to open the "Preferences" dialog box.
  2. Expand the "Privacy & Security" group and select the "Certificates" panel.
  3. Click on the "Manage Certificates..." button to open the "Certificate Manager" dialog box.
  4. Select the "Authorities" tab.
  5. Find the certificate you wish to manage / delete. Our certificate appears under "University of British Columbia."


Mozilla Firefox (verified with Mozilla Firefox 2.0)

To install the Root Certificate:

  1. Click here, CA.ece.ubc.ca.crt.
  2. On the dialog box that appears, check all three boxes:
       • Trust this CA to identify web sites.
       • Trust this CA to identify email users.
       • Trust this CA to identify software developers.
  3. Click on the "View" button and verify the SHA1 and MD5 thumbprints against those above.
  4. Click the "OK" button to install the certificate.

To manage already installed certificates (so that you can delete the old one, if necessary):

  1. From the "Tools" menu, select "Options..." to open the "Options" dialog box.
  2. Click on the "Advanced" icon, then click on the "View Certificates" button to open the "Certificate Manager" dialog box.
  3. Select the "Authorities" tab.
  4. Find the certificate you wish to manage / delete. Our certificate appears under "University of British Columbia."


Safari and Mac OS/X 10.3 (verified with Mac OS/X 10.3)

To install the Root Certificate:

  1. Click here, CA.ece.ubc.ca.crt, and download the file to your Desktop.
  2. Double click on the CA.ece.ubc.ca.crt file. The "Keychain Access" application will open and a certificate import dialog box will appear.
  3. Select X509 Anchors from the drop down list in the import window.
  4. Click on the 'Install Certificate...' button.

To manage already installed certificates (so that you can delete the old one, if necessary):

  1. Open the "Keychain Access" application (usually found in /Applications/Utilities/).
  2. If X509Anchors is not one of the keychains listed in the right hand pane, select "Add Keychain..." from the "Open" menu. From the "File Open" dialog box, select /System/Library/Keychains/X509Anchors.
  3. Find the certificate you wish to manage / delete. Our certificate appears under "ECE Certificate Authority."


iPhone and iPod Touch (verified with iPhone OS 3.0)

To install the Root Certificate:

  1. Open this page in Safari, and open this link, CA.ece.ubc.ca.crt. You should then see an "Install Profile" screen.
  2. Tap "More Details", then select the certificate. Verify the correctness of the signature (BC AD 39 E7 EA 98...) and key identifier (E6 D2 D9 0C 06...).
  3. Go back to the "Install Profile" screen and tap the "Install" button.
     (Screenshots: "Opening the certificate" and "Verifying the certificate".)


To manage already installed certificates (so that you can delete the old one, if necessary):

  1. Open the "Settings" application.
  2. Under General → Profiles, select "ECE Certificate Authority".