Skip to main content

Search this Site

DartPulse Alerts

Chrome Printing Issues

 

DartPulse Outages

Overall System Status:

Upcoming Scheduled Outages

New to Dartmouth?

Resources for:

Information Security

Connect with ITS

facebook twitter Wordpress Blog

Getting Certificates

If you want to install a software certificate directly on your computer, follow the instructions below based on your browser. 

Before you begin, be sure to consider what you will use for a password; for tips, see Selecting a Password.

If you have an eToken, your certificate is already located on the eToken. eTokens are the preferred method for authenticating with PKI certificates. If you do not have an eToken, please contact Need Help and request information on how to obtain one.

Note: To use your PKI personal certificate, you may also need to install the Dartmouth Root Certificate in your web browser's certificate store. This root certificate helps your computer determine if Dartmouth's issued certificates are trustworthy. Follow the directions provided for your browser below ("Adding Dartmouth's Root Certificate") to download the Root Certificate and set it to be trusted.

Internet Explorer

Internet Explorer, by default, asks if you want it to remember your password. Please do not allow Internet Explorer to remember your DND or certificate passwords, as this will significantly reduce your security.

Some Windows computers will need Microsoft updates before you can install PKI certificates. If this is the case with your computer, you will get a message to that effect during the registration process. We strongly recommend you keep Windows updated with all critical updates by visiting http://windowsupdate.microsoft.com. These updates will protect your computer against a number of security threats, in addition to keeping it up-to-date for PKI.

Windows 7 Configuration Changes for PKI

If you have Windows 7 running on your computer, prior to obtaining the root and personal PKI certificates, you may need to do the following:

  1. Start Internet Explorer and click Tools, then Internet Options.
  2. Click the Security tab, then Trusted Sites, then the Sites button. In the Add this website to the zone field, enter https://collegeca.dartmouth.edu. Click Add, then Close.
  3. Click the Custom Level button, then in the Reset to field, select Low. Next, in the Initialize and script ActiveX controls not marked safe for scripting field, select Enable. Click OK.
  4. Quit Internet Explorer.

You should now be able to download the root certificate and obtain a personal certificate.

Getting a Digital Certificate

To get a digital certificate, end an email to help@dartmouth.edu to request one.

Importing or Exporting a Certificate

While using PKI, you may find that you need to import or export your certificate. Should that occasion occur, please use the following instructions.

Importing a Certificate

  1. Select Internet Options from the Tools menu.
  2. Click the Content tab, then the Certificates button.
  3. Click the Import button, then the Next button.
  4. Click the Browse button.
  5. Browse to the PKCS #12 certificate file you want to import and select it. Change the Files of type setting at the bottom of the open window to Personal Information Exchange (*.pfx, *.p12).
  6. Click the Open button, then the Next button.
  7. Enter the password you used when you created the PKCS #12 file.
  8. Make sure the Enable strong private key protection check box is checked.
  9. Make sure the Mark this key as exportable check box is checked.
  10. Click the Next button.
  11. If you are importing a personal certificate (which you probably are), make sure the Place all certificates in the following store radio button is selected and the Certificate store box is set to Personal. Otherwise, use the other radio button or select the appropriate store.
  12. Click the Next button.
  13. Verify that the import was successful. If not, and you received an error, it is likely there is something wrong with the PKCS #12 file you tried to import.
  14. Click the Finish button.
  15. In the Importing a new private exchange key dialog box, click the Set Security Level button.
  16. Make sure the High radio button is selected.
  17. Click Next.
  18. Enter your key store password for this certificate twice. See Selecting a Password for tips on selecting a good password.
  19. Click the Finish button.
  20. Make sure the security level is set to High.
  21. Click OK twice.

Exporting a Certificate

  1. Select Internet Options from the Tools menu.
  2. Click the Content tab, then the Certificates button.
  3. Select the desired certificate.
  4. Click the Export button, then the Next button.
  5. Make sure the Yes, export the private key button is selected (this is important!).
  6. Make sure the Personal Information Exchange - PKCS #12 (.PFX) radio button is selected.
  7. Make sure the Enable strong protection (requires IE 5.0, NT 4.0 SP4 or above) check box is checked.
  8. Click the Next button.
  9. Enter your password twice. For tips on selecting a good password, see Selecting a Password.

    Important note: This password is different from your certificate password. It only protects the certificate export file you are creating now. You will need this password when you import the certificate in this file into other browsers or computers.
  10. Click the Next button.
  11. Specify the file name and location you desire (it is probably best to use the Browser button to make sure you know where you are saving the file).
  12. Click the Next button.
  13. The Completing the Certificate Export Wizard dialog box displays the settings for the exported certificate. Note where the certificate was saved and click the Finish button.
  14. Enter your key store password (the one you supplied when you created the certificate). Do not check the Remember password box.
  15. Click OK twice.
Top of page

Firefox

Firefox, by default, will ask you if you want it to remember your password. You should not allow Firefox to remember your DND or certificate passwords as it will significantly reduce your computer's security. 

Getting a Digital Certificate

Send an email to help@dartmouth.edu to request a digital certificate.

Importing or Exporting a Certificate

  1. Select Options from the Tools menu (or Preferences on the Firefox menu if you are using Mac OS X).
  2. Select the category Advanced.
  3. Select the sub-category View Certificates.
  4. Click the Your Certificates tab in the displayed window.

Importing a Certificate

  1. Click the Import button.
  2. In the dialog box that appears, browse for the file containing the certificate you want to import, select it, and click Open.
  3. In response to the alert Please enter the master password for the Software Security Device, enter the password for your certificate store.
  4. In response to the alert Please enter the password that was used to encrypt this certificate backup, enter the .p12 file password.
  5. Finally, you should receive the following alert: Successfully restored your security certificate(s) and private key(s).

Exporting a Certificate

  1. Select the certificate.
  2. Click the Backup button.
  3. In the File Name to Backup field, enter a file name and select the format PKCS 12 Files in the menu.
  4. An alert will display the message, Please enter the master password for the Software Security Device.
  5. Enter the password for your certificate store to authorize the key transfer.
  6. The next window prompts you to Choose a Certificate Backup Password.
  7. Fill in both blanks with the same password (which protects the keys in transit), then click OK.
  8. Finally, you should receive the following alert: Successfully backed up your security certificate(s) and private key(s).

Top of page

Last Updated: 10/24/14