Skip to main content

Search this Site

DartPulse Alerts

"HeartBleed" Website Security

Java Upgrade

Windows XP Alert

 

DartPulse Outages

Overall System Status:

Upcoming Scheduled Outages

New to Dartmouth?

Resources for:

Information Security

Connect with Computing

facebook twitter Wordpress Blog

Getting Certificates

If you want to install a software certificate directly on your computer, follow the instructions below based on your browser. Browsers that are not supported include Internet Explorer 5.x  and Netscape 6.x.

Before you begin, be sure to consider what you will use for a password; for tips, see Selecting a Password.

If you have an eToken, your certificate is already located on the eToken. eTokens are the preferred method for authenticating with PKI certificates. If you do not have an eToken, please contact Need Help and request information on how to obtain one.

Note: To use your PKI personal certificate, you may also need to install the Dartmouth Root Certificate in your web browser's certificate store. This root certificate helps your computer determine if Dartmouth's issued certificates are trustworthy. Follow the directions provided for your browser below ("Adding Dartmouth's Root Certificate") to download the Root Certificate and set it to be trusted.

Internet Explorer 6.x, 7.x, and 8.x

Internet Explorer 5.x is not recommended. Please consider upgrading your browser at your earliest convenience.

Internet Explorer, by default, asks if you want it to remember your password. Please do not allow Internet Explorer to remember your DND or certificate passwords, as this will significantly reduce your security.

Some Windows computers will need Microsoft updates before you can install PKI certificates. If this is the case with your computer, you will get a message to that effect during the registration process. We strongly recommend you keep Windows updated with all critical updates by visiting http://windowsupdate.microsoft.com. These updates will protect your computer against a number of security threats, in addition to keeping it up-to-date for PKI.

Please note: If you are running Windows Vista or 7 on your computer, you will need to make some configuration changes before proceeding to the Getting a Digital Certificate section below. If you are running Windows XP on your computer, you can go directly to the Getting a Digital Certificate section below.

Windows Vista and 7 Configuration Changes for PKI

If you have Windows Vista or 7 running on your computer, prior to obtaining the root and personal PKI certificates, you may need to do the following:

  1. Start Internet Explorer and click Tools, then Internet Options.
  2. Click the Security tab, then Trusted Sites, then the Sites button. In the Add this website to the zone field, enter https://collegeca.dartmouth.edu. Click Add, then Close.
  3. Click the Custom Level button, then in the Reset to field, select Low. Next, in the Initialize and script ActiveX controls not marked safe for scripting field, select Enable. Click OK.
  4. Quit Internet Explorer.

You should now be able to download the root certificate and obtain a personal certificate.

Getting a Digital Certificate

To get a digital certificate, follow the instructions provided below:

  1. Consider what you will be using for a password; see Selecting a Password for tips.
  2. Click the following link: https://collegeca.dartmouth.edu/. A new browser window will open. If the new browser window covers the previous window, move it to the right so you can see these instructions.
  3. On the Dartmouth CAPSO v.1.0 Certificate Authority & PKI Solution web page, click on Request a Personal Cert under Certificate Requests.
  4. At the Dartmouth Web Authentication web page, enter your full name as it appears in the Dartmouth Name Directory (e.g., Susan Q. Jones) and your DND (BlitzMail) password, then press the Login button.
  5. The Certificate Contents window appears with the following fields. Verify that they contain the following entries:
    • Common Name - Enter your full name as it appears in the Dartmouth Name Directory (e.g., Susan Q. Jones).
    • Email - Enter your Dartmouth e-mail address (e.g., susan.q.jones@dartmouth.edu).
    • Provider - Select Microsoft Enhanced Cryptographic Provider (the default value).
    • Keysize - Select 1024 (Medium Grade).
    • Certificate Type - Select Software Certificate.
  6. Click the Submit button. The web browser may display a "Potential Scripting Violation" message asking you to confirm your request for a certificate. If it does, select Yes.
  7. The certificate request page now displays Confirmation Data. Review the information, then press Install Certificate.
  8. The web browser may ask, Would you like to try to install your certificate? Select OK.
  9. The web browser may display a "Potential Scripting Violation" message asking you again to confirm your request for a certificate. Select Yes.
  10. The web browser will notify you if the certificate was successfully installed. Click OK.
  11. You now have a digital certificate and can verify it using the following steps.

Verifying That Your Certificate Was Created Properly

  1. Select Internet Options from the Tools menu.
  2. Click the Content tab, then the Certificates button.
  3. Your certificate name should appear under the Personal tab.

If you want further confirmation, click on your certificate name, then click the View button to see the contents of your certificate. Verify that the certificate was imported correctly.

Adding Dartmouth's Root Certificate

  1. Click on the following link: Dartmouth CAPSO. A new browser window will open. If the new window covers the previous window, move it to the right so you can see these instructions.
  2. On the CAPSO web page, click on Root Certificates under Download.
  3. On the Download Certificates web page, click on the Dartmouth CertAuth1 CA (Dartmouth Root CA) link.
  4. When asked, "Do you want to open or save this file", click Open.
  5. In the Certificate window that opens, click Install Certificate, then click Next.
  6. Fill in the circle beside Place all certificates in the following store, then click Browse. Click on Trusted Root Certification Authorities, click OK, then click Next and Finish.
  7. When the Security Warning pops up, click Yes.
  8. You should see a screen that says the import was successful. Click OK to close this.
  9. You now have a digital certificate. You can close the Dartmouth CAPSO browser window.

Importing or Exporting a Certificate

While using PKI, you may find that you need to import or export your certificate. Should that occasion occur, please use the following instructions.

Importing a Certificate

  1. Select Internet Options from the Tools menu.
  2. Click the Content tab, then the Certificates button.
  3. Click the Import button, then the Next button.
  4. Click the Browse button.
  5. Browse to the PKCS #12 certificate file you want to import and select it. Change the Files of type setting at the bottom of the open window to Personal Information Exchange (*.pfx, *.p12).
  6. Click the Open button, then the Next button.
  7. Enter the password you used when you created the PKCS #12 file.
  8. Make sure the Enable strong private key protection check box is checked.
  9. Make sure the Mark this key as exportable check box is checked.
  10. Click the Next button.
  11. If you are importing a personal certificate (which you probably are), make sure the Place all certificates in the following store radio button is selected and the Certificate store box is set to Personal. Otherwise, use the other radio button or select the appropriate store.
  12. Click the Next button.
  13. Verify that the import was successful. If not, and you received an error, it is likely there is something wrong with the PKCS #12 file you tried to import.
  14. Click the Finish button.
  15. In the Importing a new private exchange key dialog box, click the Set Security Level button.
  16. Make sure the High radio button is selected.
  17. Click Next.
  18. Enter your key store password for this certificate twice. See Selecting a Password for tips on selecting a good password.
  19. Click the Finish button.
  20. Make sure the security level is set to High.
  21. Click OK twice.

Exporting a Certificate

  1. Select Internet Options from the Tools menu.
  2. Click the Content tab, then the Certificates button.
  3. Select the desired certificate.
  4. Click the Export button, then the Next button.
  5. Make sure the Yes, export the private key button is selected (this is important!).
  6. Make sure the Personal Information Exchange - PKCS #12 (.PFX) radio button is selected.
  7. Make sure the Enable strong protection (requires IE 5.0, NT 4.0 SP4 or above) check box is checked.
  8. Click the Next button.
  9. Enter your password twice. For tips on selecting a good password, see Selecting a Password.

    Important note: This password is different from your certificate password. It only protects the certificate export file you are creating now. You will need this password when you import the certificate in this file into other browsers or computers.
  10. Click the Next button.
  11. Specify the file name and location you desire (it is probably best to use the Browser button to make sure you know where you are saving the file).
  12. Click the Next button.
  13. The Completing the Certificate Export Wizard dialog box displays the settings for the exported certificate. Note where the certificate was saved and click the Finish button.
  14. Enter your key store password (the one you supplied when you created the certificate). Do not check the Remember password box.
  15. Click OK twice.
Top of page

Firefox 1.5 and Later

Firefox, by default, will ask you if you want it to remember your password. You should not allow Firefox to remember your DND or certificate passwords as it will significantly reduce your computer's security. Upgrading to Firefox 3.x is recommended for all Firefox users.

Getting a Digital Certificate

To obtain a digital certificate, follow the instructions provided below:

  1. Consider what you will be using for a password; see Selecting a Password for tips.
  2. Click on the following link: Dartmouth CAPSO. A new browser window will open. If the new browser window covers the previous window, move it to the right so you can see these instructions.
  3. On the Dartmouth CAPSO v.1.0 Certificate Authority & PKI Solution web page, click on Request a Personal Cert under Certificate Requests.
  4. At the Dartmouth Web Authentication web page, enter your full name as it appears in the Dartmouth Name Directory (e.g., Susan Q. Jones) and your DND (BlitzMail) password, then press the Login button.
  5. The Certificate Contents window appears with the following fields. Verify that they contain the following entries:
    • Common name: Enter your full name as it appears in the DND (e.g., Susan Q. Jones).
    • Email: Enter your full Dartmouth e-mail address. (e.g., susan.q.jones@dartmouth.edu).
    • Keysize: Select 1024 (Medium Grade).
    • Certificate Type: Select Software Certificate.
  6. Click the Submit button.
  7. On the Security Device window, define a password for the certificate. Enter the password twice, then click OK.
  8. The CAPSO software generates a certificate. Verify the certificate's data as best you can, then click Install Certificate.
  9. The browser will ask you to confirm your request to install. Click OK.
  10. The browser will advise you that the certificate was installed. Click OK.
  11. Proceed to the next section: Adding Dartmouth's Root Certificate.

Adding Dartmouth's Root Certificate

  1. Click on the following link: Dartmouth CAPSO. A new browser window will open. If the new window covers the previous window, move it to the right so you can see these instructions.
  2. On the CAPSO web page, click on Root Certificates under Download.
  3. On the Download Certificates web page, click on the Dartmouth CertAuth1 CA (Dartmouth Root CA) link.
  4. The browser will prompt you to define the trusts for this certificate. Check all three boxes (websites, e-mail, and software developers), then click OK.
  5. You now have a digital certificate. You can close the Dartmouth CAPSO browser window.

Verifying a Certificate

To check whether your certificate was created successfully:

  1. Select Options from the Tools menu (or Preferences from the Firefox menu if you are using Mac OS X). Click on the Advanced section, then the Encryption tab, then click View Certificates.
  2. When the Certificate Manager window opens, click on the Your Certificates tab.
  3. If your certificate appears in the list, enrollment was successful.
  4. If your certificate appears in the list, but the Purpose field (versions 1.5 and 2 only) shows <issue unknown>, you still need to add Dartmouth's root certificate. See previous section.
  5. If you want further confirmation, click on your certificate, then click the View button to see the contents of the certificate and verify that the certificate was imported correctly.

Importing or Exporting a Certificate

  1. Select Options from the Tools menu (or Preferences on the Firefox menu if you are using Mac OS X).
  2. Select the category Advanced.
  3. Select the sub-category View Certificates.
  4. Click the Your Certificates tab in the displayed window.

Importing a Certificate

  1. Click the Import button.
  2. In the dialog box that appears, browse for the file containing the certificate you want to import, select it, and click Open.
  3. In response to the alert Please enter the master password for the Software Security Device, enter the password for your certificate store.
  4. In response to the alert Please enter the password that was used to encrypt this certificate backup, enter the .p12 file password.
  5. Finally, you should receive the following alert: Successfully restored your security certificate(s) and private key(s).

Exporting a Certificate

  1. Select the certificate.
  2. Click the Backup button.
  3. In the File Name to Backup field, enter a file name and select the format PKCS 12 Files in the menu.
  4. An alert will display the message, Please enter the master password for the Software Security Device.
  5. Enter the password for your certificate store to authorize the key transfer.
  6. The next window prompts you to Choose a Certificate Backup Password.
  7. Fill in both blanks with the same password (which protects the keys in transit), then click OK.
  8. Finally, you should receive the following alert: Successfully backed up your security certificate(s) and private key(s).
Top of page

Netscape 8.x and 9.0

Netscape 8 and 9 may ask if you want it to remember your password. We ask that you do not allow the browser to remember your DND or certificate passwords, as this will significantly reduce your security.

Getting a Digital Certificate

To get a digital certificate, follow the instructions provided below:

  1. Consider what you will be using for a password; see Selecting a Password for tips.
  2. Click on the following link: https://collegeca.dartmouth.edu/. A new browser window will open. If the new browser window covers the previous window, move it to the right so you can see these instructions.
  3. On the Dartmouth CAPSO v.1.0 Certificate Authority & PKI Solution web page, click Request a Personal Cert under Certificate Requests.
  4. At the Dartmouth Authentication web page, enter your full name as it appears in the Dartmouth Name Directory (e.g., Susan Q. Jones) and your DND (BlitzMail) password, then click the Login button. When the Certificate Contents page appears, verify that the fields contain the following entries:
    • Common name - Enter your full name as it appears in the DND (e.g., Susan Q. Jones).
    • Email - Enter your Dartmouth e-mail address (e.g., susan.q.jones@dartmouth.edu).
    • Keysize - Change the setting to 1024 (Medium Grade).
    • Certificate Type - Select Software Certificate.
  5. Click the Submit button and enter a password for the Software Security Device, if prompted.
  6. When the Confirmation Data web page appears, verify the data, then click Install Certificate.
  7. The browser will prompt you to verify your request to install the certificate. Click OK.
  8. The browser will alert you that the certificate was installed. Click OK.
  9. You now have a digital certificate. Proceed to the following section to install Dartmouth's Root Certificate. 

Add Dartmouth's Root Certificate

  1. Install the Dartmouth College root certificate by going to the Dartmouth CAPSO web page.
  2. Click on Root Certificates under Download.
  3. When the Download certificates web page appears, click on Dartmouth CertAuth1 CA (Dartmouth Root CA).
  4. In the dialog box that appears, check all three boxes.
    • Trust this CA to identify websites.
    • Trust this CA to identify e-mail users.
    • Trust this CA to identify software developers.
  5. Click OK.
  6. You now have Dartmouth's Root certificate. Close the CAPSO window.

Verifying a Certificate

To check whether your certificate was created successfully:

  1. Select Options from the Tools menu. (In Mac OS X, select Preferences from the Navigator menu.)
  2. Under Browser Options, click Advanced.
  3. Scroll down and expand the Certificates section and click on Manage Certificates. (In Mac OS X, click on the Encryption tab, then click View Certificates.)
  4. Click the Your Certificates tab to view your certificate.  The Purposes column should contain Client, Sign, Encrypt.
  5. If you want further confirmation, click on your certificate, then click View to see the contents of the certificate.

Importing and Exporting a Certificate

You may find at some point while using PKI that you need to import or export your certificate. Should that occasion occur, please use the instructions below.

  1. Select Options from the Tools menu. (In Mac OS X, select Preferences from the Navigator menu.)
  2. Select the Advanced category.
  3. Select the sub-category Certificates. (In Mac OS X, click on the Encryption tab.)
  4. Click the Manage Certificates button. (View Certificates in Mac OS X.)
  5. In the displayed window, click the Your Certificates tab.

Importing a Certificate

  1. Click the Import button.
  2. In the dialog box that appears, select the file containing the certificate you want to import.
  3. In response to the Please enter the master password for the Software Security Device alert, provide the .p12 file password.
  4. In response to the Please enter the password that was used to encrypt this certificate backup alert, provide the password for your certificate store.

Exporting a Certificate

  1. Select the certificate.
  2. Click the Backup button.
  3. In the File Name to Backup field, enter a file name, then select the format PKCS 12 Files in the menu.
  4. An alert will display the message Please enter the master password for the Software Security Device.
  5. Enter the password for your certificate store to authorize the key transfer.
  6. The next window prompts you to Choose a Certificate Backup Password.
  7. Fill in both blanks with the same password (that protect the keys in transit), then click OK.
  8. Finally, you will receive the following alert: Successfully backed up your security certificate(s) and private key(s).
Top of page

Last Updated: 7/12/12