You may be using a Web browser that does not support standards for accessibility and user interaction. Find out why you should upgrade your browser for a better experience of this and other standards-based sites...

Dartmouth Home  Search  Index

Dartmouth Home | Search | Index

 Dartmouth home page
Computing at Dartmouth
 

Home | Resources | Services | Support | About
Computing > Support >  Library >  Safe Computing > Defenses > Authentication > PKI > Certificates >  

Internet Explorer 6.x and 7.x

Internet Explorer 5.x is not recommended. Please consider upgrading your browser at your earliest convenience.

Internet Explorer, by default, asks if you want it to remember your password. Please do not allow Internet Explorer to remember your DND or certificate passwords, as this will significantly reduce your security.

Some Windows computers will need Microsoft updates before you can install PKI certificates. If this is the case with your computer, you will get a message to that effect during the registration process. We strongly recommend you keep Windows updated with all critical updates by visiting http://windowsupdate.microsoft.com. These updates will protect your computer against a number of security threats, in addition to keeping it up-to-date for PKI.

Please note: If you are running Windows Vista on your computer, you will need to make some configuration changes before proceeding to the Getting a Digital Certificate section below. If you are running Windows XP on your computer, you can go directly to the Getting a Digital Certificate section below.

Getting a Digital Certificate

To get a digital certificate, follow the instructions provided below:

  1. Consider what you will be using for a password; see Selecting a Password for tips.
  2. Click the following link: https://colleageca.dartmouth.edu/. A new browser window will open. If the new browser window covers the previous window, move it to the right so you can see these instructions.
  3. On the Dartmouth CAPSO v.1.0 Certificate Authority & PKI Solution Web page, click on Request a Personal Cert under Certificate Requests.
  4. At the Dartmouth Web Authentication Web page, enter your full name as it appears in the Dartmouth Name Directory (e.g., Susan Q. Jones) and your DND (BlitzMail) password, then press the LOGIN button.
  5. The Certificate Contents window appears with the following fields. Verify that they contain the following entries:
    1. Common Name - Enter your full name as it appears in the Dartmouth Name Directory (e.g., Susan Q. Jones).
    2. Email - Enter your Dartmouth e-mail address (e.g., susan.q.jones@dartmouth.edu).
    3. Provider - Select Microsoft Enhanced Cryptographic Provider (the default value).
    4. Keysize - Select 1024 (Medium Grade).
    5. Certificate Type - Select Software Certificate.
  6. Click the Submit button. The Web browser may display a "Potential Scripting Violation" message asking you to confirm your request for a certificate. If it does, select Yes.
  7. The certificate request page now displays Confirmation Data. Review the information, then press Install Certificate.
  8. The Web browser may ask, Would you like to try to install your certificate? Select OK.
  9. The Web browser may display a "Potential Scripting Violation" message asking you again to confirm your request for a certificate. Select Yes.
  10. The Web browser will notify you if the certificate was successfully installed. Click OK.
  11. You now have a digital certificate and can verify it using the following steps.

Verifying That Your Certificate Was Created Properly

  1. Select Internet Options from the Tools menu.
  2. Click the Content tab, then the Certificates button.
  3. Your certificate name should appear under the Personal tab.

If you want further confirmation, click on your certificate name, then click the View button to see the contents of your certificate. Verify that the certificate was imported correctly.

The next step in using PKI secure certificates at Dartmouth is Getting the Dartmouth Root Certificate.

Importing or Exporting a Certificate

While using PKI, you may find that you need to import or export your certificate. Should that occasion occur, please use the following instructions.

Importing a Certificate

  1. Select Internet Options from the Tools menu.
  2. Click the Content tab, then the Certificates button.
  3. Click the Import button, then the Next button.
  4. Click the Browse button.
  5. Browse to the PKCS #12 certificate file you want to import and select it. Change the Files of type setting at the bottom of the open window to Personal Information Exchange (*.pfx, *.p12).
  6. Click the Open button, then the Next button.
  7. Enter the password you used when you created the PKCS #12 file.
  8. Make sure the Enable strong private key protection check box is checked.
  9. Make sure the Mark this key as exportable check box is checked.
  10. Click the Next button.
  11. If you are importing a personal certificate (which you probably are), make sure the Place all certificates in the following store radio button is selected and the Certificate store box is set to Personal. Otherwise, use the other radio button or select the appropriate store.
  12. Click the Next button.
  13. Verify that the import was successful. If not, and you received an error, it is likely there is something wrong with the PKCS #12 file you tried to import.
  14. Click the Finish button.
  15. In the Importing a new private exchange key dialog box, click the Set Security Level button.
  16. Make sure the High radio button is selected.
  17. Click Next.
  18. Enter your key store password for this certificate twice. See Selecting a Password for tips on selecting a good password.
  19. Click the Finish button.
  20. Make sure the security level is set to High.
  21. Click OK twice.

Exporting a Certificate

  1. Select Internet Options from the Tools menu.
  2. Click the Content tab, then the Certificates button.
  3. Select the desired certificate.
  4. Click the Export button, then the Next button.
  5. Make sure the Yes, export the private key button is selected (this is important!).
  6. Make sure the Personal Information Exchange - PKCS #12 (.PFX) radio button is selected.
  7. Make sure the Enable strong protection (requires IE 5.0, NT 4.0 SP4 or above) check box is checked.
  8. Click the Next button.
  9. Enter your password twice. For tips on selecting a good password, see Selecting a Password.

    Important note: This password is different from your certificate password. It only protects the certificate export file you are creating now. You will need this password when you import the certificate in this file into other browsers or computers.
  10. Click the Next button.
  11. Specify the file name and location you desire (it is probably best to use the Browser button to make sure you know where you are saving the file).
  12. Click the Next button.
  13. The Completing the Certificate Export Wizard dialog box displays the settings for the exported certificate. Note where the certificate was saved and click the Finish button.
  14. Enter your key store password (the one you supplied when you created the certificate). Do not check the Remember password box.
  15. Click OK twice.

08/29/08

Last Updated: 9/2/08