Requesting a Dartmouth College Certificate

This page provides the procedures for Dartmouth College users to enroll in the Dartmouth College Certificate Authority. To obtain a certificate you must authenticate to the certificate server using your DND name and password.

Important: Be sure to request your certificate on the same computer and web browser on which you plan to use the certificate. You will need to choose a password for your Certificate Store when following the process below. Be sure to select a password you will remember. It is not possible to recover a forgotten password; you can only reset it. For more information see: Using PKI.

Check that the Time and Date set on your computer are accurate before proceeding with getting your Dartmouth Certificate. Most systems have a Date and Time control panel and a feature to synchronize the time with a network time server.

The Dartmouth College Certificate Authority uses a self-signed root certificate. This certificate must be installed in your web browser's certificate cache in addition to your personal certificate(s). When installing a new root certificate, most browsers present an alert dialog to report that this step is taking place and ask you to confirm acceptance of the new root certificate. To ensure that you are obtaining the correct Dartmouth College root certificate, the dialog reports a calculated hash value, called a fingerprint, for verification. The fingerprint value depends on which hash algorithm your browser uses. The proper fingerprint values for the Dartmouth College root certificate for the various hash algorithms are:

MD2:   8D28 33CF B6BC F369 D0B1 3FF6 8616 6302

MD5:   441C BCE1 448D 358B 3C52 A9D6 62FD 2733

SHA1: 88CD 0250 FA66 0376 41A2 E75F EB1B 7A6E 44B8 7F74

MDC2: 55D5 673C 41B4 A4DE 2DD8 B76E 2157 0547

These values can be independently verified by retrieving the Certificate Authority's certificate from the campus LDAP directory.
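
The check described above, as an added example that is not part of the original page: it computes the MD5 and SHA1 fingerprints of a certificate file (PEM or DER) in this page's four-digit grouping and compares them, or a value read from a browser dialog, with the published values. The sample bytes are constructed placeholders, not the Dartmouth root certificate, and MD2 and MDC2 are left out because Python's hashlib does not reliably provide them.

```python
import base64
import hashlib
import hmac
import re

# Published fingerprints copied from this page. MD2 and MDC2 are omitted
# because hashlib does not reliably provide them.
PUBLISHED = {
    "md5": "441C BCE1 448D 358B 3C52 A9D6 62FD 2733",
    "sha1": "88CD 0250 FA66 0376 41A2 E75F EB1B 7A6E 44B8 7F74",
}

# Constructed placeholder bytes, NOT the real Dartmouth root certificate.
SAMPLE_DER = b"constructed placeholder, not a real certificate"
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

def normalize(fp):
    """Drop spaces/colons and case so '88:cd:02' equals '88CD 02'."""
    digits = re.sub(r"[\s:]", "", fp).upper()
    if not re.fullmatch(r"[0-9A-F]+", digits):
        raise ValueError("fingerprint is not hexadecimal")
    return digits

def to_der(data):
    """Accept PEM or DER; fingerprints are computed over the DER bytes."""
    m = re.search(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----",
                  data, re.S)
    return base64.b64decode(b"".join(m.group(1).split())) if m else data

def fingerprint(data, algorithm):
    """Hash the certificate and group the hex digits in fours, as above."""
    digest = hashlib.new(algorithm, to_der(data)).hexdigest().upper()
    return " ".join(digest[i:i + 4] for i in range(0, len(digest), 4))

def matches_published(reported, algorithm):
    """Compare a value shown by a browser dialog with the published one."""
    return hmac.compare_digest(normalize(reported), normalize(PUBLISHED[algorithm]))

def check_certificate(data):
    """Return {algorithm: True/False} for a certificate file's contents."""
    return {alg: matches_published(fingerprint(data, alg), alg) for alg in PUBLISHED}

if __name__ == "__main__":
    print(check_certificate(SAMPLE_PEM))  # placeholder bytes do not match
```

To check the real root certificate, pass the bytes of the file retrieved from the campus LDAP directory to check_certificate(); every algorithm should report True.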

For specific instructions on how to request a certificate, select the combination of Web Browser and Operating System you are using below. If the browser you want to use is not explicitly listed here, the procedure should be similar to those documented here. (Note: The Certificate Server's "PKI Enrollment" page is web browser specific. Be sure to carefully read and follow the directions on the actual enrollment page because it may vary slightly with different browser versions.)

Web Browsers Supported:


Enroll - Mozilla 1.x or Netscape 7.x on Windows, Mac or Linux (last tested Moz ver. 1.1)

Using Mozilla, follow these steps to request a certificate:

  1. On the DND Based User Enrollment form:
    1. Fill in the fields in the User Identity section as follows {examples in brackets}:
      User ID (required): your name as it appears in the Dartmouth Name Directory {Susan Q. Jones} (unique nicknames also work)
      Password (required): your DND password (which is SSL encrypted in transit)
    2. Click submit. Your browser will generate keys and submit a signing request to the Certificate Management System.
  2. Supply the password for your "software security device" or other key storage device if prompted.
  3. If you get a dialog box that says "Do you want the Password Manager to remember this logon?", click NO.
  4. To request a certificate, click the following link which opens a new window to the enrollment system and follow the steps above. Close the enrollment window to return to this page. https://collegeca.dartmouth.edu

Finally, you need to "Edit the CA certificate trust settings".

  1. Under the "Edit" menu select "Preferences". (On Mac OS X, "Preferences" is under the "Mozilla" menu.)
  2. Click on the arrow next to "Privacy & Security" and then click on "Certificates" in the expanded list.
  3. Click on the "Manage Certificates" button on the right.
  4. Your certificate should be visible on the "Your Certificates" tab.
  5. Select your certificate and then click the View button to see your certificate's contents.
  6. To edit the trust settings, click on the "Authorities" tab.
  7. Select the certificate named "Dartmouth CertAuth1" found near the end of the list.
  8. Click the "Edit" button.
  9. Check the boxes for "This certificate can identify web sites." and "This certificate can identify mail users.", then click OK. You can then close the certificate manager window and the preferences window.

Enroll - Internet Explorer 5.x/6.x on Windows 98/2000/XP

Using Internet Explorer on Windows 98/2000/XP, follow these steps to request a certificate:

  1. On the DND Based User Enrollment form:
    1. Fill in the fields in the User Identity section as follows {examples in brackets}:
      User ID (required): your full name as it appears in the Dartmouth Name Directory {Susan Q. Jones} (unique nicknames also work)
      Password (required): your DND password (which is SSL encrypted in transit)
    2. Public/Private Key Information - the default selection should be "Microsoft Enhanced Cryptographic Provider" to request a 1024 bit key. (The alternate choice is to select "Microsoft Base Cryptographic Provider" to request a 512 bit key.)
    3. Click submit.
    4. Using IE 6.x, you will then see this series of alerts:
      Potential Scripting Violation
      This Web site is requesting a new certificate on your behalf.  You should allow only 
      trusted Web sites to request a certificate for you.
      Do you want to request a certificate now?
      
      Click "YES"
      AutoComplete
      Do you want Windows to remember this password, so that you don't have to type it 
      again the next time you visit this page?
      
      [] Don't offer to remember any more passwords.
      
      Click "NO"
      Potential Scripting Violation
      This Web site is adding one or more certificates to this computer.  Allowing an 
      untrusted Web site to update your certificates is a security risk. The Web site 
      could install certificates you do not trust, which could allow programs that you do 
      not trust to run on this computer and gain access to your data.
      
      Do you want this program to add the certificates now?  Click Yes if you trust this 
      Web site.  Otherwise, click NO.
      
      Click "YES" (this same alert appears again)
      VBScript
      Certificate has been successfully imported
      
      Click "OK"
    5. Your browser will generate keys and submit a signing request to the Certificate Management System.
  2. To request a certificate, click the following link which opens a new window to the enrollment system and follow the steps above. Close the enrollment window to return to this page. https://collegeca.dartmouth.edu

To check whether your certificate was imported successfully (they almost always are)...

  1. Under the Tools menu select Internet Options.
  2. Click on the Content tab and then click on the Certificates button.
  3. Under the Personal tab your certificate name should appear.
  4. If you want further confirmation, click on your certificate name and then click the View button to see your certificate contents and verify that the certificate was imported correctly.

Enroll - Netscape Communicator 4.7.x on Windows or Mac

Versions of Netscape prior to 4.7.6 are not recommended. Using Netscape Communicator 4.7.x, follow these steps to request a certificate:

  1. On the DND Based User Enrollment form:
    1. Fill in the fields in the User Identity section as follows {examples in brackets}:
      User ID (required): your full name as it appears in the Dartmouth Name Directory {Susan Q. Jones} (unique nicknames also work)
      Password (required): your DND password (which is SSL encrypted in transit)
    2. Public/Private Key Information - select 1024 bit key
    3. Click submit. Your browser will generate keys and submit a request to the Certificate Management System.
  2. Supply the password for your "Communicator Certificate Database" if prompted.
  3. Click the following link which opens a new window to the enrollment system: https://collegeca.dartmouth.edu

To check whether your certificate was created successfully (they almost always are)...

  1. Select the Tools item under the Communicator menu and then the Security Info sub-menu.
  2. In the Security Info window that appears, select Yours under the Certificates heading in the left-hand navigation bar.
  3. If your certificate appears in the "These are your certificates" pane, the enrollment was successful.
  4. If you want further confirmation, click on your certificate and then click the view button to see the certificate contents and verify that the certificate was imported correctly.

Known Problems

  1. Internet Explorer 5.x and Safari on Macintosh do not support client-side certificates. Some browsers lack support for key generation and so are not able to acquire a certificate from the SunOne enrollment system. They can, however, import a certificate generated by and exported from another browser such as Mozilla. The browsers that failed were Galeon 1.2.x and Opera 6.0.1 running on Linux. Other browsers may work; follow the prompts they provide.

  2. Netscape 6.X client certificate support doesn't work properly.

  3. Unauthorized Access
    The error message:

    You are not authorized for this operation.
    If you think this is an error please contact your local administrator for further 
    assistance. 
    
    is usually caused by the wrong password.

  4. To reset the password for your Certificate store see: Resetting Passwords


Dartmouth College PKI Lab
Last update: 18 July 2003