You may be using a Web browser that does not support standards for accessibility and user interaction. Find out why you should upgrade your browser for a better experience of this and other standards-based sites...

Dartmouth Home  Search  Index

Dartmouth Home | Search | Index

 Dartmouth home page
Computing at Dartmouth
 

Home | Resources | Services | Support | About
Computing > Support >  Library >  Safe Computing > Defenses > Authentication > PKI > Certificates >  

Firefox 1.5 and 2.0

Firefox, by default, will ask you if you want it to remember your password. You should not allow Firefox to remember your DND or certificate passwords as it will significantly reduce your computer's security. Upgrading to Firefox 2.0 is recommended for all Firefox users.

Getting a Digital Certificate

To obtain a low-assurance digital certificate (as opposed to the high-assurance certificate on an eToken), follow the instructions provided below:

  1. Consider what you will be using for a password; see Selecting a Password for tips.
  2. Click on the following link: https://collegeca.dartmouth.edu/. A new browser window will open. If the new browser window covers the previous window, move it to the right so you can see these instructions.
  3. On the Dartmouth CAPSO v.1.0 Certificate Authority & PKI Solution Web page, click on Request a Personal Cert under Certificate Requests.
  4. At the Dartmouth Web Authentication Web page, enter your full name as it appears in the Dartmouth Name Directory (e.g., Susan Q. Jones) and your DND (BlitzMail) password, then press the LOGIN button.
  5. The Certificate Contents window appears with the following fields. Verify that they contain the following entries:
    • Common name: Enter your full name as it appears in the DND (e.g., Susan Q. Jones).
    • Email: Enter your full Dartmouth e-mail address. (e.g., susan.q.jones@dartmouth.edu).
    • Keysize: Select 1024 (Medium Grade).
    • Certificate Type: Select Software Certificate.
  6. Click the Submit button.
  7. On the Security Device window, define a password for the certificate. Enter the password twice, then click OK.
  8. The CAPSO software generates a certificate. Verify the certificate's data as best you can, then click Install Certificate.
  9. The browser will ask you to confirm your request to install. Click OK.
  10. The browser will advise you that the certificate was installed. Click OK.
  11. Proceed to the next section: Adding Dartmouth's Root Certificate.

Adding Dartmouth's Root Certificate

  1. Click on the following link: Dartmouth CAPSO. A new browser window will open. If the new window covers the previous window, move it to the right so you can see these instructions.
  2. On the CAPSO Web page, click on Root Certificates under Download.
  3. On the Download Certificates Web page, click on the Dartmouth CertAuth1 CA (Dartmouth Root CA) link.
  4. The browser will prompt you to define the trusts for this certificate. Check all three boxes (Web sites, e-mail, and software developers), then click OK.
  5. You now have a digital certificate. You can close the Dartmouth CAPSO browser window.

Verifying a Certificate

To check whether your certificate was created successfully:

  1. Select Options from the Tools menu (or Preferences from the Firefox menu if you are using Mac OS X). Click on the Advanced section, then click View Certificates.
  2. When the Certificate Manager window opens, click on the Your Certificates tab.
  3. If your certificate appears in the list and the Purpose column shows client, sign, encrypt, enrollment was successful.
  4. If your certificate appears in the list, but the Purpose field shows <issue unknown>, you still need to add Dartmouth's root certificate. See the section above.
  5. If you want further confirmation, click on your certificate, then click the View button to see the contents of the certificate and verify that the certificate was imported correctly.

Importing or Exporting a Certificate

  1. Select Options from the Tools menu (or Preferences on the Firefox menu if you are using Mac OS X).
  2. Select the category Advanced.
  3. Select the sub-category View Certificates.
  4. Click the Your Certificates tab in the displayed window.
Importing a Certificate
  1. Click the Import button.
  2. In the dialog box that appears, browse for the file containing the certificate you want to import, select it, and click Open.
  3. In response to the alert Please enter the master password for the Software Security Device, enter the password for your certificate store.
  4. In response to the alert Please enter the password that was used to encrypt this certificate backup, enter the .p12 file password.
  5. Finally, you should receive the following alert: Successfully restored your security certificate(s) and private key(s).
Exporting a Certificate

Note: One of the characteristics of  low-assurance certificates is that their associated private keys can be easily exported, something that cannot be done using the eToken to store your high-assurance certificate and associated private key.

  1. Select the certificate.
  2. Click the Backup button.
  3. In the File Name to Backup field, enter a file name and select the format PKCS 12 Files in the menu.
  4. An alert will display the message, Please enter the master password for the Software Security Device.
  5. Enter the password for your certificate store to authorize the key transfer.
  6. The next window prompts you to Choose a Certificate Backup Password.
  7. Fill in both blanks with the same password (which protects the keys in transit), then click OK.
  8. Finally, you should receive the following alert: Successfully backed up your security certificate(s) and private key(s).

03/14/08

Last Updated: 3/17/08