User Tools

Site Tools


computing:certificate

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
Next revision Both sides next revision
computing:certificate [2009/12/29 18:42]
lessem
computing:certificate [2009/12/30 20:41]
lessem
Line 2: Line 2:
 The [[http://en.wikipedia.org/wiki/Certificate_authority|certificate authority]](CA) which issued IBG's website certificate has had their own certificate expire.  They have issued a new certificate, but the new certificate is not yet incorporated into many web browsers.  Web browsers that do not have the new certificate will show a security warning.  To avoid this warning the new CA certificate must be installed in your browser. The [[http://en.wikipedia.org/wiki/Certificate_authority|certificate authority]](CA) which issued IBG's website certificate has had their own certificate expire.  They have issued a new certificate, but the new certificate is not yet incorporated into many web browsers.  Web browsers that do not have the new certificate will show a security warning.  To avoid this warning the new CA certificate must be installed in your browser.
  
-Detailed instructions for updating the certificate will be provided soon. 
  
 ===== Certificate Installation Instructions ===== ===== Certificate Installation Instructions =====
Line 10: Line 9:
 To install the new certificate, go to the CA's website at [[http://certs.ipsca.com/Support/hierarchy-ipsca.asp]] and then click the ''ipsCA Global CA Root'' link at the bottom of the page: To install the new certificate, go to the CA's website at [[http://certs.ipsca.com/Support/hierarchy-ipsca.asp]] and then click the ''ipsCA Global CA Root'' link at the bottom of the page:
  
-[[http://certs.ipsca.com/Support/hierarchy-ipsca.asp|{{:computing:ipsca-root.png|}}]]+[[http://certs.ipsca.com/Support/hierarchy-ipsca.asp|{{ :computing:ipsca-root.png |ipsCA website example}}]]
  
-Or, [[http://certs.ipsca.com/store/ipsCAGlobal.crt|click here to install the certificate directly from this page]].+Or, [[http://certs.ipsca.com/store/ipsCAGlobal.crt|click here to install the certificate directly from their page]].
  
-==== Microsoft Internet Explorer ====+That will bring up a dialog box.  Check the box for ''Trust this CA to identify web sites'' and then click ''OK''.
  
-Run Microsoft Update, go to Custom, then Optional Updates, and install the Update for Root Certificates.+{{ :computing:firefox-authorize.png |check the box for "Trust this CA to identify web sites."}}
  
-{{:computing:xp-custom.png|}}+==== Thunderbird ====
  
-{{:computing:xp-optional.png|}}+Installation of the updated certificate in Thunderbird requires downloading the certificate, and then importing it. 
 +  - [[http://certs.ipsca.com/store/ipsCAGlobal.crt|Right click on this link and select "Save link as"]] or do whatever is necessary to save a link as a file using your browser. 
 +  - Save the ''ipsCAGlobal.crt'' file to a convenient location. 
 +  - Open Thunderbird and go to the ''Tools'' or ''Edit'' menu and select ''Preferences'' (different versions of Thunderbird put ''Preferences'' in different locations). 
 +  - In the Thunderbird Preferences window click on the ''Advanced'' button. 
 +  - Click on the ''Certificates'' tab. 
 +  - Click on the ''View Certificates'' button. 
 +  - In the Certificate Manager window, click on the ''Authorities'' tab. 
 +  - Click on the ''Import'' button. 
 +  - Open the ''ipsCAGlobal.crt'' file which you previously saved. 
 +  - In the Downloading Certificate window, check the box next to ''Trust this CA to identify web sites''
 +  - Click ''OK'' on the Downloading Certificate window. 
 +  - Click ''OK'' on the Certificate Manager window. 
 +  - Click ''Close'' on the Thunderbird Preferences window. 
 + 
 + 
 + 
 + 
 + 
 +==== Microsoft Products (Internet Explorer, Outlook, etc.) ==== 
 + 
 +Microsoft has included the updated ipsCA certificate in their root certificate update pack.  The updated pack can be installed through the normal Microsoft Update procedures, or [[http://support.microsoft.com/kb/931125/en-us/|downloaded directly from Microsoft]]. 
 + 
 +=== Windows XP === 
 + 
 +  - Run Microsoft Update (or Windows Update) from the Start menu. 
 +  - Once it starts click on the "Custom" button. {{ :computing:xp-custom.png |Click the Custom button on Microsoft Update}} 
 +  - Then click "Software, Optional" from the left panel. {{ :computing:xp-optional.png |Click "Software, Optional" on Microsoft Update}} 
 +  - Then check the box next to "Update for Root Certificates" {{ :computing:xp-updateforroot.png |Check the "Update for Root Certificates" update}} 
 +  - Then click the "Review and install updates" link to begin downloading and installing the updates.  Other updates may be included. 
 + 
 +=== Windows 7 and Windows Vista === 
 + 
 +Windows 7 and Windows Vista normally will [[http://technet.microsoft.com/en-us/library/cc749331%28WS.10%29.aspx|automatically download updated certificates]] with no necessary user interaction. 
 + 
 +==== Mac OS X and applications (Safari and Mail.app) ==== 
 + 
 +To add the CAcert Root Certificate to Apple Safari, use the Keychain Access application which is shipped with Mac OS X. 
 + 
 +To install the certificate system-wide, you need to follow these steps: 
 + 
 +   - Download the [[http://certs.ipsca.com/store/ipsCAGlobal.crt|updated certificate]] and save it someplace convenient. 
 +   - Double click on the ''ipsCAGlobal.crt'' file. The Keychain Access application will be launched 
 +   - Select ''System'' from the ''Keychain'' dropdownlist and press ''OK''
 +   - You will be asked to authenticate yourself. 
 +   - Click ''Always Trust'' 
 +   - You will then have to authenticate yourself again. 
 + 
 +==== Google Chrome ==== 
 + 
 +Google Chrome uses the native operating system to handle certificates.  Follow the instructions to make sure that [[:computing:certificate#microsoft_products_internet_explorer_outlook_etc|Microsoft Windows]] or [[:computing:certificate#mac_os_x_and_applications_safari_and_mail.app|Mac OS X]] has the new certificate.  However, in the version of Google Chrome release version available as of this writing (3.0.195.38) there is a bug which requires clearing the cache to properly validate the new certificate if the website was visited while the old certificate was in place. 
 + 
 +If you visit the [[https://ibg.colorado.edu|IBG secure website]] and there are no errors or warnings, then nothing else needs to be done. 
 + 
 +If after updating your operating system the Chrome address bar shows a red ''https:'' with a line through it, then follow these steps to force Chrome to reload the certificate. 
 +  - Click the wrench in the top right corner 
 +  - Click ''Clear browser data'' 
 +  - Make sure **only** ''Empty the cache'' is selected 
 +  - Change the ''Clear data from this period:'' to ''Everything'' 
 +  - Click ''Clear browsing data'' 
 +  - Click the wrench again 
 +  - Select ''Options'' 
 +  - Select the ''Under the hood'' tab 
 +  - Scroll to the bottom and un-check the ''Check for server certificate revocation'' box 
 +  - Click ''Close'' 
 +  - Exit Chrome 
 +  - Launch Chrome 
 +  - Click the wrench again 
 +  - Select ''Options'' 
 +  - Select the ''Under the hood'' tab 
 +  - Scroll to the bottom and re-check the ''Check for server certificate revocation'' box 
 +  - Click ''Close''
  
-{{:computing:xp-updateforroot.png|}}