Getting a Middlebury College Security Certificate

Revision as of 11:16, 22 December 2009 by Petar Mitrevski (talk | contribs) (Added tag: 'Mac')
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Middlebury has started rolling out its own computer (digital) certificate. To obtain Middlebury's certificate on Macs, you can read these instructions: Importing Certificates in Mac OS X. To obtain Middlebury's certificate on Windows computers, you will need to visit the webpage of our local certificate authority: https://XXXX.middlebury.edu/certsrv/certcarc.asp -- contact the Helpdesk to obtain the name of our local certificate authority server.

Certificates in a bit more detail

To communicate securely, computers and computer services (such as e-mail, webpages, etc) use digital certificates (also known as computer certificates). In brief, these certificates serve to verify that you are indeed connecting to a service that Middlebury provides (and not getting scammed/tricked by a malicious person). For things to work securely, your computer, as well as the service that you are accessing, need to have the same certificate.

The easiest certificates to deal with are trusted root certificates. These are basically very expensive certificates sold by companies like VeriSign. Because they are very expensive, Middlebury has chosen to only strategically (for special services) use trusted root certificates from a foreign authority (like Verisign). Other services that need to be secure are using Middlebury's own certificates (known as self-signed certificates). Just like Verisign, Middlebury can also create certificates, except Verisign's certificates are implicitly trusted by almost all computers in the world. Middlebury's home-made certificates are implicitly trusted only by Windows computers added to the Middlebury domain. The rest of the computers will complain when they encounter Middlebury's self-signed certificate. You can however, import Middlebury's home-made certificate into your computer, thus making your computer implicitly trust this certificate (putting an end to warnings about Middlebury's self signed certificate). Note that it is OK to import Middlebury's home-made certificate since you already implicitly trusting Middlebury to provide a lot of computing services. You should be wary, however, if someone else asks you to import their self-signed certificate.

Powered by MediaWiki