Updated CA certificate for the IBG web server

The certificate authority(CA) which issued IBG's website certificate has had their own certificate expire. They have issued a new certificate, but the new certificate is not yet incorporated into many web browsers. Web browsers that do not have the new certificate will show a security warning. To avoid this warning the new CA certificate must be installed in your browser.

Certificate Installation Instructions


To install the new certificate, go to the CA's website at http://certs.ipsca.com/Support/hierarchy-ipsca.asp and then click the ipsCA Global CA Root link at the bottom of the page:

ipsCA website example

Or, click here to install the certificate directly from their page.

That will bring up a dialog box. Check the box for Trust this CA to identify web sites and then click OK.

check the box for "Trust this CA to identify web sites."


Installation of the updated certificate in Thunderbird requires downloading the certificate, and then importing it.

  1. Right click on this link and select "Save link as" or do whatever is necessary to save a link as a file using your browser.
  2. Save the ipsCAGlobal.crt file to a convenient location.
  3. Open Thunderbird and go to the Tools or Edit menu and select Preferences (different versions of Thunderbird put Preferences in different locations).
  4. In the Thunderbird Preferences window click on the Advanced button.
  5. Click on the Certificates tab.
  6. Click on the View Certificates button.
  7. In the Certificate Manager window, click on the Authorities tab.
  8. Click on the Import button.
  9. Open the ipsCAGlobal.crt file which you previously saved.
  10. In the Downloading Certificate window, check the box next to Trust this CA to identify web sites.
  11. Click OK on the Downloading Certificate window.
  12. Click OK on the Certificate Manager window.
  13. Click Close on the Thunderbird Preferences window.

Microsoft Products (Internet Explorer, Outlook, etc.)

Microsoft has included the updated ipsCA certificate in their root certificate update pack. The updated pack can be installed through the normal Microsoft Update procedures, or downloaded directly from Microsoft.

Windows XP

  1. Run Microsoft Update (or Windows Update) from the Start menu.
  2. Once it starts click on the “Custom” button. Click the Custom button on Microsoft Update
  3. Then click “Software, Optional” from the left panel. Click "Software, Optional" on Microsoft Update
  4. Then check the box next to “Update for Root Certificates” Check the "Update for Root Certificates" update
  5. Then click the “Review and install updates” link to begin downloading and installing the updates. Other updates may be included.

Windows 7 and Windows Vista

Windows 7 and Windows Vista normally will automatically download updated certificates with no necessary user interaction.

Mac OS X and applications (Safari and Mail.app)

To add the CAcert Root Certificate to Apple Safari, use the Keychain Access application which is shipped with Mac OS X.

To install the certificate system-wide, you need to follow these steps:

  1. Download the updated certificate and save it someplace convenient.
  2. Double click on the ipsCAGlobal.crt file. The Keychain Access application will be launched
  3. Select System from the Keychain dropdownlist and press OK.
  4. You will be asked to authenticate yourself.
  5. Click Always Trust
  6. You will then have to authenticate yourself again.

Google Chrome

Google Chrome uses the native operating system to handle certificates. Follow the instructions to make sure that Microsoft Windows or Mac OS X has the new certificate. However, in the version of Google Chrome release version available as of this writing ( there is a bug which requires clearing the cache to properly validate the new certificate if the website was visited while the old certificate was in place.

If you visit the IBG secure website and there are no errors or warnings, then nothing else needs to be done.

If after updating your operating system the Chrome address bar shows a red https: with a line through it, then follow these steps to force Chrome to reload the certificate.

  1. Click the wrench in the top right corner
  2. Click Clear browser data
  3. Make sure only Empty the cache is selected
  4. Change the Clear data from this period: to Everything
  5. Click Clear browsing data
  6. Click the wrench again
  7. Select Options
  8. Select the Under the hood tab
  9. Scroll to the bottom and un-check the Check for server certificate revocation box
  10. Click Close
  11. Exit Chrome
  12. Launch Chrome
  13. Click the wrench again
  14. Select Options
  15. Select the Under the hood tab
  16. Scroll to the bottom and re-check the Check for server certificate revocation box
  17. Click Close
computing/certificate.txt · Last modified: 2009/12/30 20:41 by lessem     Back to top