Obtaining MIT Certificates

If you are not familiar with web certifcates, please take the time to read through the whole story.

Two Step Process

  1. Obtain an MIT Certificate Authority Certificate
  2. Obtain a personal certificate

The Whole Story


Introduction

Secure web servers make use of the Secure Socket Layer (SSL) protocol to provide user authentication to the server as well as proof to you that the server is what it claims to be. In addition, all information sent from and to a secure web server is encrypted so that network eavesdroppers cannot listen in.

You may access a secure server using the Netscape Navigator browser, version 3.0 or later. However before you access it, you need to perform a few setup steps.

First you need to obtain and install a copy of the MIT Certificate Authority Certificate. This step is done online from the Netscape Navigator browser. This special Certificate is required for your browser to recognize the legitimacy of the server.

The second step is for you to obtain your own personal certificate (sometimes called a Digital ID[tm]). You do this by accessing the MIT Certificate Issuing Service which will install on your computer (or in your Athena files) a personal certificate that identifies you. To obtain this certificate you will need to provide your MIT username and password (also referred to as Kerberos username and password, email username and password, Athena username and password, or Eudora username and password) as well as your MIT ID number to the Certificate Issuing Service. The service itself is run on a secure web server so that all information you send it, such as your MIT password, is encrypted when it goes over the network.

If you want to learn more about secure web servers and certificates, refer to Netscape Security Solutions.


Prerequisites

In order to get an MIT Certificate, you need:

Obtain an MIT Certificate Authority Certificate

do this first before obtaining a personal certificate

NOTE: You can either go immediately to obtain an MIT Certificate Authority Certificate or read through the following information that guides you through the process, then click on the link at the end of this section.

An MIT Certificate Authority Certificate ensures that you are connecting to the real web server. This certificate is valid for approximately 10 years.

To get an MIT Certificate Authority Certificate, fill out the New Certificate Authority Web form (link provided at the bottom of this section). On-screen instructions will lead you through a series of screens that describe the process and ask you some questions.

To navigate through the screens,

During the process,

Go and obtain an MIT Certificate Authority Certificate.


Obtain a personal certificate

you must obtain an MIT Certificate Authority Certificate before doing this

NOTE: You can either go immediately to Obtain a Personal Certificate or read through the following information that guides you through the process then click on the link at the end of this section.

A personal certificate is associated with your Athena password. It proves that you are authorized to access the secure web server. During the process of obtaining a personal certificate, you also obtain a private key. These two work together to give you secure access to the web server.

To learn more about keys and certificates, refer to the certificate section in the RSA Laboratories FAQ.

To get a personal certificate and associated private key, fill out the Get an MIT Certificate Web form (link provided at the end of this section). You'll have to enter your MIT username and password (also referred to as Kerberos username and password, network ID and password, email username and password or Eudora username and password), and your MIT ID. Then on-screen instructions will lead you through a series of screens that describe the process.

During the process, you need to make some decisions:

To navigate through the screens,

Go and obtain a personal certificate.


If you're sharing a computer

If you're sharing a Mac or Windows computer with another student and you both want to access the secure web server, you can set up your machine so that you each have your own MIT certificate authority and personal certificate.


If you're using more than one computer

If you use more than one computer to access the secure web server, you need to get an MIT Certificate Authority Certificate and a personal certificate for each computer. The certificates are stored as files on the hard disk of each machine. If you use Athena to access the secure web server, you also need to get the MIT Certificate Authority Certificate and personal certificate, but not for each Athena workstation. The certificates are stored in your locker and are accessible anytime you log into Athena, wherever that workstation may be.


If you forget your Netscape password

If you forget your Netscape password you need to remove some files and repeat the procedures for getting both MIT certificate authority and getting a personal certificate:

  1. Quit Netscape.
  2. Choose a method for removing files based on the computing platform you're using:

Last modified: Fri Jan 16, 1998 07:43 by tom@mit.edu