AddingUMIACSCertificateAuthority: Difference between revisions

From UMIACS
Jump to navigation Jump to search
 
(55 intermediate revisions by 5 users not shown)
Line 1: Line 1:
==Introduction==
===Introduction===


When you visit some webpages encrypted with SSL (e.g. BARRACUDA LINK), you may be presented with a warning about a site's security certificate not being trusted. These are normally important screens to pay attention to, but UMIACS goes to great lengths to maintain a secure environment to our users. As such, we provide a UMIACS CA (certificate authority) that enables your web browser to trust our secure webpage. The following steps explain how to import this certificate.
When you visit webpages encrypted with SSL, you may be presented with a warning about the site's security certificate not being trusted. These are normally important screens to pay attention to on the internet as a whole and UMIACS goes to great lengths to maintain a secure environment for our users. However, it is not cost effective to provide commercial certs for all our public facing certificates.  In order to keep costs down we provide a UMIACS CA (certificate authority) that enables your web browser to trust our secure webpages. The following steps explain how to import this certificate based on your preferred web browser.


==Accepting UMIACS SSL Certificate Authority in Windows==
===Windows===


Depending on the web browser you use, there are two main ways to import the UMIACS Certificate Authority in Windows. This process is the same in both Windows XP and Windows 7.
For most Windows browsers (Chrome, Firefox, Edge and Internet Explorer), certificate authorities are handled by Windows itself. These are the steps required to accept the certificate:


====Internet Explorer and Google Chrome====
* Click [https://wiki.umiacs.umd.edu/umiacs/images/7/7d/CA-cert.crt UMIACS Certificate Authority] to download the file.
* Open the file and click "Install Certificate".
*; [[File:UMIACSCA1.png]]
* In the dialog box opened, click "Next".
* Choose "Place all certificates in the following store".
* Choose "Browse", in the dialog box opened, Choose "Trusted Root Certification Authorities" and click "Ok".
*; [[File:UMIACSCA2.png]]
* Click "Next" and then "Finish".
* If you get a Security Warning asking if you want to install this certificate, click "Yes".
*; [[File:UMIACSCA3.png]]
* You should receive a success message similar to the following:
*; [[File:UMIACSCA4.png]]
* You may need to restart your browser for the change to take effect.


# Visit http://intranet.umiacs.umd.edu
===Safari and Google Chrome (macOS)===
# Scroll to the bottom and click "UMIACS CA Root Certificate (CRT - Most Browsers)". Download and open this file
:[[Image:UMIACSCA_IE_1.png]]
# Click "Install Certificate..." towards the bottom of the dialog box
:[[Image:UMIACSCA_IE_2.png]]
# Click Next
# Choose "Place all certificates in the following store"
# Choose "Trusted Root Certification Authorities" and click ok
[[Image:UMIACSCA_IE_3.png]]
# Click next and then finished. You should receive a success message.


====Firefox====
For most macOS browsers (excluding Firefox), certificate authorities are handled by macOS itself. This process requires administrator access. If you do not have administrator access and you are using a UMIACS-supported Mac, please contact [[HelpDesk|Staff]]. Otherwise, here are the steps required to accept the certificate:


* Visit http://intranet.umiacs.umd.edu
* Click [https://wiki.umiacs.umd.edu/umiacs/images/7/7d/CA-cert.crt UMIACS Certificate Authority] to download the file.
* Scroll to the bottom and click "UMIACS CA Root Certificate (CRT - Most Browsers)". Firefox should open a "Downloading Certificate" dialog box automatically.
* Open Keychain Access (Located in the Others group in Launchpad)
* Check all three boxes indicating that you fully trust this Certificate Authority
* Go to the Systems > Certificates
* Click ok.
* Open the UMIACS Certificate Authority file by double-clicking it (should be located in your downloads folder).
* Enter your administrator password or use your fingerprint on the dialog box that appears.
[[Image:KeychainAcces1.png|500px]]
* Right-click the certificate that was just added and select the "Get Info" section.
[[Image:KeychainAccess2.png|500px]]
* Select "Always Trust" option in the "When using this certificate" dropdown ("Trust" > "When using this certificate" > "Always Trust")
* Close the certificate and keychain access window.
* Enter the administrator credentials to add this certificate for all users of the system
[[Image:KeychainAccess3.png|500px]]
* You may need to restart your browser for the change to take effect.


==Accepting UMIACS SSL Certificate Authority in Linux==
===Other Browsers (Unix)===


Due to the differences between Windows and Linux, accepting the root certificate at the operating system level is nontrivial. If you are using the Firefox browser, follow the instructions above for Firefox in Windows. If you need assistance accepting the certificate for any other browser, please contact [[HelpDesk|UMIACS Staff]].
If you are using a browser other than Firefox in Unix, the process is more complicated than the above methods and may depend on your particular Unix distribution. If you need assistance with this please contact [[HelpDesk|UMIACS Staff]].

Latest revision as of 15:57, 8 January 2024

Introduction

When you visit webpages encrypted with SSL, you may be presented with a warning about the site's security certificate not being trusted. These are normally important screens to pay attention to on the internet as a whole and UMIACS goes to great lengths to maintain a secure environment for our users. However, it is not cost effective to provide commercial certs for all our public facing certificates. In order to keep costs down we provide a UMIACS CA (certificate authority) that enables your web browser to trust our secure webpages. The following steps explain how to import this certificate based on your preferred web browser.

Windows

For most Windows browsers (Chrome, Firefox, Edge and Internet Explorer), certificate authorities are handled by Windows itself. These are the steps required to accept the certificate:

  • Click UMIACS Certificate Authority to download the file.
  • Open the file and click "Install Certificate".
    UMIACSCA1.png
  • In the dialog box opened, click "Next".
  • Choose "Place all certificates in the following store".
  • Choose "Browse", in the dialog box opened, Choose "Trusted Root Certification Authorities" and click "Ok".
    UMIACSCA2.png
  • Click "Next" and then "Finish".
  • If you get a Security Warning asking if you want to install this certificate, click "Yes".
    UMIACSCA3.png
  • You should receive a success message similar to the following:
    UMIACSCA4.png
  • You may need to restart your browser for the change to take effect.

Safari and Google Chrome (macOS)

For most macOS browsers (excluding Firefox), certificate authorities are handled by macOS itself. This process requires administrator access. If you do not have administrator access and you are using a UMIACS-supported Mac, please contact Staff. Otherwise, here are the steps required to accept the certificate:

  • Click UMIACS Certificate Authority to download the file.
  • Open Keychain Access (Located in the Others group in Launchpad)
  • Go to the Systems > Certificates
  • Open the UMIACS Certificate Authority file by double-clicking it (should be located in your downloads folder).
  • Enter your administrator password or use your fingerprint on the dialog box that appears.

KeychainAcces1.png

  • Right-click the certificate that was just added and select the "Get Info" section.

KeychainAccess2.png

  • Select "Always Trust" option in the "When using this certificate" dropdown ("Trust" > "When using this certificate" > "Always Trust")
  • Close the certificate and keychain access window.
  • Enter the administrator credentials to add this certificate for all users of the system

KeychainAccess3.png

  • You may need to restart your browser for the change to take effect.

Other Browsers (Unix)

If you are using a browser other than Firefox in Unix, the process is more complicated than the above methods and may depend on your particular Unix distribution. If you need assistance with this please contact UMIACS Staff.