| Both sides previous revision
Previous revision
Next revision
|
Previous revision
Next revision
Both sides next revision
|
computing:certificate [2009/12/29 18:42]
lessem |
computing:certificate [2009/12/30 20:41]
lessem |
| The [[http://en.wikipedia.org/wiki/Certificate_authority|certificate authority]](CA) which issued IBG's website certificate has had their own certificate expire. They have issued a new certificate, but the new certificate is not yet incorporated into many web browsers. Web browsers that do not have the new certificate will show a security warning. To avoid this warning the new CA certificate must be installed in your browser. | The [[http://en.wikipedia.org/wiki/Certificate_authority|certificate authority]](CA) which issued IBG's website certificate has had their own certificate expire. They have issued a new certificate, but the new certificate is not yet incorporated into many web browsers. Web browsers that do not have the new certificate will show a security warning. To avoid this warning the new CA certificate must be installed in your browser. |
| |
| Detailed instructions for updating the certificate will be provided soon. | |
| |
| ===== Certificate Installation Instructions ===== | ===== Certificate Installation Instructions ===== |
| To install the new certificate, go to the CA's website at [[http://certs.ipsca.com/Support/hierarchy-ipsca.asp]] and then click the ''ipsCA Global CA Root'' link at the bottom of the page: | To install the new certificate, go to the CA's website at [[http://certs.ipsca.com/Support/hierarchy-ipsca.asp]] and then click the ''ipsCA Global CA Root'' link at the bottom of the page: |
| |
| [[http://certs.ipsca.com/Support/hierarchy-ipsca.asp|{{:computing:ipsca-root.png|}}]] | [[http://certs.ipsca.com/Support/hierarchy-ipsca.asp|{{ :computing:ipsca-root.png |ipsCA website example}}]] |
| |
| Or, [[http://certs.ipsca.com/store/ipsCAGlobal.crt|click here to install the certificate directly from this page]]. | Or, [[http://certs.ipsca.com/store/ipsCAGlobal.crt|click here to install the certificate directly from their page]]. |
| |
| ==== Microsoft Internet Explorer ==== | That will bring up a dialog box. Check the box for ''Trust this CA to identify web sites'' and then click ''OK''. |
| |
| Run Microsoft Update, go to Custom, then Optional Updates, and install the Update for Root Certificates. | {{ :computing:firefox-authorize.png |check the box for "Trust this CA to identify web sites."}} |
| |
| {{:computing:xp-custom.png|}} | ==== Thunderbird ==== |
| |
| {{:computing:xp-optional.png|}} | Installation of the updated certificate in Thunderbird requires downloading the certificate, and then importing it. |
| | - [[http://certs.ipsca.com/store/ipsCAGlobal.crt|Right click on this link and select "Save link as"]] or do whatever is necessary to save a link as a file using your browser. |
| | - Save the ''ipsCAGlobal.crt'' file to a convenient location. |
| | - Open Thunderbird and go to the ''Tools'' or ''Edit'' menu and select ''Preferences'' (different versions of Thunderbird put ''Preferences'' in different locations). |
| | - In the Thunderbird Preferences window click on the ''Advanced'' button. |
| | - Click on the ''Certificates'' tab. |
| | - Click on the ''View Certificates'' button. |
| | - In the Certificate Manager window, click on the ''Authorities'' tab. |
| | - Click on the ''Import'' button. |
| | - Open the ''ipsCAGlobal.crt'' file which you previously saved. |
| | - In the Downloading Certificate window, check the box next to ''Trust this CA to identify web sites''. |
| | - Click ''OK'' on the Downloading Certificate window. |
| | - Click ''OK'' on the Certificate Manager window. |
| | - Click ''Close'' on the Thunderbird Preferences window. |
| | |
| | |
| | |
| | |
| | |
| | ==== Microsoft Products (Internet Explorer, Outlook, etc.) ==== |
| | |
| | Microsoft has included the updated ipsCA certificate in their root certificate update pack. The updated pack can be installed through the normal Microsoft Update procedures, or [[http://support.microsoft.com/kb/931125/en-us/|downloaded directly from Microsoft]]. |
| | |
| | === Windows XP === |
| | |
| | - Run Microsoft Update (or Windows Update) from the Start menu. |
| | - Once it starts click on the "Custom" button. {{ :computing:xp-custom.png |Click the Custom button on Microsoft Update}} |
| | - Then click "Software, Optional" from the left panel. {{ :computing:xp-optional.png |Click "Software, Optional" on Microsoft Update}} |
| | - Then check the box next to "Update for Root Certificates" {{ :computing:xp-updateforroot.png |Check the "Update for Root Certificates" update}} |
| | - Then click the "Review and install updates" link to begin downloading and installing the updates. Other updates may be included. |
| | |
| | === Windows 7 and Windows Vista === |
| | |
| | Windows 7 and Windows Vista normally will [[http://technet.microsoft.com/en-us/library/cc749331%28WS.10%29.aspx|automatically download updated certificates]] with no necessary user interaction. |
| | |
| | ==== Mac OS X and applications (Safari and Mail.app) ==== |
| | |
| | To add the CAcert Root Certificate to Apple Safari, use the Keychain Access application which is shipped with Mac OS X. |
| | |
| | To install the certificate system-wide, you need to follow these steps: |
| | |
| | - Download the [[http://certs.ipsca.com/store/ipsCAGlobal.crt|updated certificate]] and save it someplace convenient. |
| | - Double click on the ''ipsCAGlobal.crt'' file. The Keychain Access application will be launched |
| | - Select ''System'' from the ''Keychain'' dropdownlist and press ''OK''. |
| | - You will be asked to authenticate yourself. |
| | - Click ''Always Trust'' |
| | - You will then have to authenticate yourself again. |
| | |
| | ==== Google Chrome ==== |
| | |
| | Google Chrome uses the native operating system to handle certificates. Follow the instructions to make sure that [[:computing:certificate#microsoft_products_internet_explorer_outlook_etc|Microsoft Windows]] or [[:computing:certificate#mac_os_x_and_applications_safari_and_mail.app|Mac OS X]] has the new certificate. However, in the version of Google Chrome release version available as of this writing (3.0.195.38) there is a bug which requires clearing the cache to properly validate the new certificate if the website was visited while the old certificate was in place. |
| | |
| | If you visit the [[https://ibg.colorado.edu|IBG secure website]] and there are no errors or warnings, then nothing else needs to be done. |
| | |
| | If after updating your operating system the Chrome address bar shows a red ''https:'' with a line through it, then follow these steps to force Chrome to reload the certificate. |
| | - Click the wrench in the top right corner |
| | - Click ''Clear browser data'' |
| | - Make sure **only** ''Empty the cache'' is selected |
| | - Change the ''Clear data from this period:'' to ''Everything'' |
| | - Click ''Clear browsing data'' |
| | - Click the wrench again |
| | - Select ''Options'' |
| | - Select the ''Under the hood'' tab |
| | - Scroll to the bottom and un-check the ''Check for server certificate revocation'' box |
| | - Click ''Close'' |
| | - Exit Chrome |
| | - Launch Chrome |
| | - Click the wrench again |
| | - Select ''Options'' |
| | - Select the ''Under the hood'' tab |
| | - Scroll to the bottom and re-check the ''Check for server certificate revocation'' box |
| | - Click ''Close'' |
| |
| {{:computing:xp-updateforroot.png|}} | |
