Differences

This shows you the differences between two versions of the page.

--- computing:certificate [2009/12/30 11:18]
lessem
+++ computing:certificate [2009/12/30 20:41]
lessem
@@ Line 2: / Line 2: @@
 The [[http://en.wikipedia.org/wiki/Certificate_authority|certificate authority]](CA) which issued IBG's website certificate has had their own certificate expire.  They have issued a new certificate, but the new certificate is not yet incorporated into many web browsers.  Web browsers that do not have the new certificate will show a security warning.  To avoid this warning the new CA certificate must be installed in your browser.
-Detailed instructions for updating the certificate will be provided soon.
 ===== Certificate Installation Instructions =====
@@ Line 13: / Line 12: @@
 Or, [[http://certs.ipsca.com/store/ipsCAGlobal.crt|click here to install the certificate directly from their page]].
+That will bring up a dialog box.  Check the box for ''Trust this CA to identify web sites'' and then click ''OK''.
+{{ :computing:firefox-authorize.png |check the box for "Trust this CA to identify web sites."}}
 ==== Thunderbird ====
@@ Line 50: / Line 53: @@
 Windows 7 and Windows Vista normally will [[http://technet.microsoft.com/en-us/library/cc749331%28WS.10%29.aspx|automatically download updated certificates]] with no necessary user interaction.
+==== Mac OS X and applications (Safari and Mail.app) ====
+To add the CAcert Root Certificate to Apple Safari, use the Keychain Access application which is shipped with Mac OS X.
+To install the certificate system-wide, you need to follow these steps:
+   - Download the [[http://certs.ipsca.com/store/ipsCAGlobal.crt|updated certificate]] and save it someplace convenient.
+   - Double click on the ''ipsCAGlobal.crt'' file. The Keychain Access application will be launched
+   - Select ''System'' from the ''Keychain'' dropdownlist and press ''OK''.
+   - You will be asked to authenticate yourself.
+   - Click ''Always Trust''
+   - You will then have to authenticate yourself again.
+==== Google Chrome ====
+Google Chrome uses the native operating system to handle certificates.  Follow the instructions to make sure that [[:computing:certificate#microsoft_products_internet_explorer_outlook_etc|Microsoft Windows]] or [[:computing:certificate#mac_os_x_and_applications_safari_and_mail.app|Mac OS X]] has the new certificate.  However, in the version of Google Chrome release version available as of this writing (3.0.195.38) there is a bug which requires clearing the cache to properly validate the new certificate if the website was visited while the old certificate was in place.
+If you visit the [[https://ibg.colorado.edu|IBG secure website]] and there are no errors or warnings, then nothing else needs to be done.
+If after updating your operating system the Chrome address bar shows a red ''https:'' with a line through it, then follow these steps to force Chrome to reload the certificate.
+  - Click the wrench in the top right corner
+  - Click ''Clear browser data''
+  - Make sure **only** ''Empty the cache'' is selected
+  - Change the ''Clear data from this period:'' to ''Everything''
+  - Click ''Clear browsing data''
+  - Click the wrench again
+  - Select ''Options''
+  - Select the ''Under the hood'' tab
+  - Scroll to the bottom and un-check the ''Check for server certificate revocation'' box
+  - Click ''Close''
+  - Exit Chrome
+  - Launch Chrome
+  - Click the wrench again
+  - Select ''Options''
+  - Select the ''Under the hood'' tab
+  - Scroll to the bottom and re-check the ''Check for server certificate revocation'' box
+  - Click ''Close''

IBG Wiki

User Tools

Site Tools

Differences

Page Tools