Skip to main content

Search this Site

DartPulse Alerts

Chrome Printing Issues

 

DartPulse Outages

Overall System Status:

Upcoming Scheduled Outages

New to Dartmouth?

Resources for:

Information Security

Connect with Computing

facebook twitter Wordpress Blog

Getting Certificates

If you want to install a software certificate directly on your computer, follow the instructions below based on your browser. Browsers that are not supported include Internet Explorer 5.x and Netscape 6.x.

Before you begin, be sure to consider what you will use for a password; for tips, see Selecting a Password.

If you have an eToken, your certificate is already located on the eToken. eTokens are the preferred method for authenticating with PKI certificates. If you do not have an eToken, please contact Need Help and request information on how to obtain one.

Note: To use your PKI personal certificate, you may also need to install the Dartmouth Root Certificate in your web browser's certificate store. This root certificate helps your computer determine if Dartmouth's issued certificates are trustworthy. Follow the directions provided for your browser below ("Adding Dartmouth's Root Certificate") to download the Root Certificate and set it to be trusted.

Safari 2.0 and Later

New versions of the Safari web browser provided with Mac OS 10.3.3 and later include support for client certificates. The Keychain application stores the digital certificates. (The default location of the Keychain Access program is in the Applications/Utilities folder.)

Getting a Digital Certificate

To get a digital certificate, follow the instructions provided below:

  1. Consider what you will be using for a password; see Selecting a Password for tips.
  2. Click on the following link: https://collegeca.dartmouth.edu/index.jsp. A new browser window will open. If the new browser window covers the previous window, move it to the right so you can see these instructions.
  3. On the Dartmouth CAPSO v.1.0 Certificate Authority & PKI Solution web page, click on Request a Personal Cert under Certificate Requests.
  4. At the Dartmouth Web Authentication web page, enter your full name as it appears in the Dartmouth Name Directory (DND) [e.g., Susan Q. Jones] and your DND (BlitzMail) password, then press the LOGIN button.
  5. When the Certificate Contents web page appears, verify that the fields contain the following entries:
    • Common name - Enter your full name as it appears in the DND (e.g., Susan Q. Jones).
    • Email - Enter your Dartmouth e-mail address (e.g., susan.q.jones@dartmouth.edu).
    • Keysize - Change the setting to 1024 (Medium Grade).
    • Certificate Type - Select Software Certificate.
  6. Click the Submit button.
  7. When the Confirmation Data web page appears, verify the data, then press Install Certificate.
  8. The web browser will ask if you want to retrieve the certificate. Click OK.
  9. In the download window that appears, take note of the certificate file's name (e.g., Cert2Install.der) location, then close the download window.
  10. You now need to install the certificate to your computer's Keychain Accessapplication:
    1. Use the Finder to locate the Keychain Access icon in the Applications/Utilities folder.
    2. Drag and drop the certificate file into the Keychain Access icon.
    3. The Keychain Access application opens and you are prompted to add the certificates from the file to a Keychain. Select the Login keychain. Click OK.
    4. A list of all your Keychain items appears. You can verify your new certificate by selecting My Certificates. Your certificates will appear and the recent addition will have a date two years from today.
  11. Keychain Access now contains your certificate, public key, and private key. Quit the Keychain Access application.

Adding Dartmouth's Root Certificate

  1. Return to the Dartmouth CAPSO v.1.0 Certificate Authority & PKI Solution web page and click on the Root Certificates link under Download.
  2. When the Download Certificates web page appears, click on the Dartmouth CertAuth1 CA (Dartmouth Root CA) link.
  3. The certificate file DartmouthCA.cer will download to your Macintosh.
  4. Drag and drop the certificate file onto the Keychain Access icon in the Applications/Utilities folder.
  5. The Keychain Accessapplication opens and you are prompted to add the certificates from the file to a Keychain.
    1. For Mac OS X 10.4 and earlier, select the X.509 Anchors keychain. Click OK.
    2. For Mac OS X 10.5, select the System keychain. Click OK.
  6. Keychain Access will now contain the Dartmouth College Root certificate. Quit the Keychain Access application.

Verifying a Certificate

To check a certificate:

  1. Open the Keychain Access application.
  2. In the Category column, click Certificate.
  3. A list of certificates currently installed on your Macintosh appears. You can double-click on any of them for their details.

Importing or Exporting a Certificate

On Mac OS, the Keychain Access program is used to store private keys and certificates.

Importing a Certificate

  1. Open the Keychain Access application in the Application/Utilities folder.
  2. Select Import from the File menu and browse for the certificate you wish to import. Click Open.
  3. Enter the password you supplied for the P12 file when you created it.

You can also drag and drop the certificate file onto the Keychain Access icon.

Exporting a Certificate

  1. Open the Keychain Access application in the Application/Utilities folder.
  2. Highlight the certificate you wish to export by clicking on it.
  3. Select Export from the File menu and browse for the certificate you wish to import. Click Open.
  4. Choose a location for the exported file, then click Save.
  5. Enter a password to secure the certificate file, then click OK.

Top of page

Firefox 1.5 and later

Firefox, by default, will ask you if you want it to remember your password. You should not allow Firefox to remember your DND or certificate passwords as it will significantly reduce your computer's security. Upgrading to Firefox 2.0 is recommended for all Firefox users.

Getting a Digital Certificate

To obtain a digital certificate, follow the instructions provided below:

  1. Consider what you will be using for a password; see Selecting a Password for tips.
  2. Click on the following link: https://collegeca.dartmouth.edu/. A new browser window will open. If the new browser window covers the previous window, move it to the right so you can see these instructions.
  3. On the Dartmouth CAPSO v.1.0 Certificate Authority & PKI Solution web page, click on Request a Personal Cert under Certificate Requests.
  4. At the Dartmouth Web Authentication web page, enter your full name as it appears in the Dartmouth Name Directory (e.g., Susan Q. Jones) and your DND (BlitzMail) password, then press the LOGIN button.
  5. The Certificate Contents window appears with the following fields. Verify that they contain the following entries:
    • Common name: Enter your full name as it appears in the DND (e.g., Susan Q. Jones).
    • Email: Enter your full Dartmouth e-mail address. (e.g., susan.q.jones@dartmouth.edu).
    • Keysize: Select 1024 (Medium Grade).
    • Certificate Type: Select Software Certificate.
  6. Click the Submit button.
  7. On the Security Device window, define a password for the certificate. Enter the password twice, then click OK.
  8. The CAPSO software generates a certificate. Verify the certificate's data as best you can, then click Install Certificate.
  9. The browser will ask you to confirm your request to install. Click OK.
  10. The browser will advise you that the certificate was installed. Click OK.
  11. Proceed to the next section: Adding Dartmouth's Root Certificate.

Adding Dartmouth's Root Certificate

  1. Click on the following link: Dartmouth CAPSO. A new browser window will open. If the new window covers the previous window, move it to the right so you can see these instructions.
  2. On the CAPSO web page, click on Root Certificates under Download.
  3. On the Download Certificates web page, click on the Dartmouth CertAuth1 CA (Dartmouth Root CA) link.
  4. The browser will prompt you to define the trusts for this certificate. Check all three boxes (Web sites, e-mail, and software developers), then click OK.
  5. You now have a digital certificate. You can close the Dartmouth CAPSO browser window.

Verifying a Certificate

To check whether your certificate was created successfully:

  1. Select Options from the Tools menu (or Preferences from the Firefox menu if you are using Mac OS X). Click on the Advanced section, then the Encryption tab, then click View Certificates.
  2. When the Certificate Manager window opens, click on the Your Certificates tab.
  3. If your certificate appears in the list, enrollment was successful.
  4. If your certificate appears in the list, but the Purpose field (versions 1.5 and 2 only) shows <issue unknown>, you still need to add Dartmouth's root certificate. See previous section.
  5. If you want further confirmation, click on your certificate, then click the View button to see the contents of the certificate and verify that the certificate was imported correctly.

Importing or Exporting a Certificate

  1. Select Options from the Tools menu (or Preferences on the Firefox menu if you are using Mac OS X).
  2. Select the category Advanced.
  3. Select the sub-category View Certificates.
  4. Click the Your Certificates tab in the displayed window.

Importing a Certificate

  1. Click the Import button.
  2. In the dialog box that appears, browse for the file containing the certificate you want to import, select it, and click Open.
  3. In response to the alert Please enter the master password for the Software Security Device, enter the password for your certificate store.
  4. In response to the alert Please enter the password that was used to encrypt this certificate backup, enter the .p12 file password.
  5. Finally, you should receive the following alert: Successfully restored your security certificate(s) and private key(s).

Exporting a Certificate

  1. Select the certificate.
  2. Click the Backup button.
  3. In the File Name to Backup field, enter a file name and select the format PKCS 12 Files in the menu.
  4. An alert will display the message, Please enter the master password for the Software Security Device.
  5. Enter the password for your certificate store to authorize the key transfer.
  6. The next window prompts you to Choose a Certificate Backup Password.
  7. Fill in both blanks with the same password (which protects the keys in transit), then click OK.
  8. Finally, you should receive the following alert: Successfully backed up your security certificate(s) and private key(s).

Top of page

Netscape 8.x and 9.0

Netscape 8 and 9 may ask if you want it to remember your password. We ask that you do not allow the browser to remember your DND or certificate passwords, as this will significantly reduce your security.

Getting a Digital Certificate

To get a digital certificate, follow the instructions provided below:

  1. Consider what you will be using for a password; see Selecting a Password for tips.
  2. Click on the following link: https://collegeca.dartmouth.edu/. A new browser window will open. If the new browser window covers the previous window, move it to the right so you can see these instructions.
  3. On the Dartmouth CAPSO v.1.0 Certificate Authority & PKI Solution web page, click Request a Personal Cert under Certificate Requests.
  4. At the Dartmouth Authentication web page, enter your full name as it appears in the Dartmouth Name Directory (e.g., Susan Q. Jones) and your DND (BlitzMail) password, then click the LOGINbutton. When the Certificate Contents page appears, verify that the fields contain the following entries:
    • Common name - Enter your full name as it appears in the DND (e.g., Susan Q. Jones).
    • Email - Enter your Dartmouth e-mail address (e.g., susan.q.jones@dartmouth.edu).
    • Keysize - Change the setting to 1024 (Medium Grade).
    • Certificate Type - Select Software Certificate.
  5. Click the Submit button and enter a password for the Software Security Device, if prompted.
  6. When the Confirmation Data web page appears, verify the data, then click Install Certificate.
  7. The browser will prompt you to verify your request to install the certificate. Click OK.
  8. The browser will alert you that the certificate was installed. Click OK.
  9. You now have a digital certificate. Proceed to the following section to install Dartmouth's Root Certificate. 

Add Dartmouth's Root Certificate

  1. Install the Dartmouth College root certificate by going to the Dartmouth CAPSO v.1.0 Certificate Authority & PKI Solution web page.
  2. Click on Root Certificates under Download.
  3. When the Download certificates web page appears, click on Dartmouth CertAuth1 CA (Dartmouth Root CA).
  4. In the dialog box that appears, check all three boxes.
    • Trust this CA to identify Web sites.
    • Trust this CA to identify e-mail users.
    • Trust this CA to identify software developers.
  5. Click OK.
  6. You now have Dartmouth's Root certificate. Close the CAPSO window.

Verifying a Certificate

To check whether your certificate was created successfully:

  1. Select Options from the Tools menu. (In Mac OS X, select Preferences from the Navigator menu.)
  2. Under Browser Options, click Advanced.
  3. Scroll down and expand the Certificates section and click on Manage Certificates. (In Mac OS X, click on the Encryption tab, then click View Certificates.)
  4. Click the Your Certificates tab to view your certificate.  The Purposes column should contain Client, Sign, Encrypt.
  5. If you want further confirmation, click on your certificate, then click View to see the contents of the certificate.

Importing and Exporting a Certificate

You may find at some point while using PKI that you need to import or export your certificate. Should that occasion occur, please use the instructions below.

  1. Select Options from the Tools menu. (In Mac OS X, select Preferences from the Navigator menu.)
  2. Select the Advanced category.
  3. Select the sub-category Certificates. (In Mac OS X, click on the Encryption tab.)
  4. Click the Manage Certificates button. (View Certificates in Mac OS X.)
  5. In the displayed window, click the Your Certificates tab.

Importing a Certificate

  1. Click the Import button.
  2. In the dialog box that appears, select the file containing the certificate you want to import.
  3. In response to the Please enter the master password for the Software Security Device alert, provide the .p12 file password.
  4. In response to the Please enter the password that was used to encrypt this certificate backup alert, provide the password for your certificate store.

Exporting a Certificate

  1. Select the certificate.
  2. Click the Backup button.
  3. In the File Name to Backup field, enter a file name, then select the format PKCS 12 Files in the menu.
  4. An alert will display the message Please enter the master password for the Software Security Device.
  5. Enter the password for your certificate store to authorize the key transfer.
  6. The next window prompts you to Choose a Certificate Backup Password.
  7. Fill in both blanks with the same password (that protect the keys in transit), then click OK.
  8. Finally, you will receive the following alert: Successfully backed up your security certificate(s) and private key(s).

Top of page

Last Updated: 2/13/12