Computing and Network Services Home Computing and Network Services Home Drew University home page
Drew University: Computing and Network Services
 
Drew University > Technology > CNS User Support | Computer Store | Campus Networking | Remote Access | Enterprise Applications | Telecommunications
 

Installing the Drew CA certificate in your web browser

With recent changes in pricing and options offered by commercial Certificate Authorities, Drew has switched to using internally signed certificates for its secure web applications. While this does offer additional convenience and cost-savings for us in deploying secure web services, it does have the disadvantage that the Drew Certificate Authority certificate must be installed in user's web browsers to avoid certificate warnings when accessing secure sites.

This page will show you how to install the Drew CA certificates in your web browser, which will enable you to avoid seeing a browser security warning message when accessing Drew secure sites. Note that these messages are cosmetic, so if you are unable to follow these instructions to install the certificate on the computer you are using, you can simply ignore the certificate warning messages.

Please note that in updated Drew-standard computer configurations, the Drew CA is already installed in your browser.

Installing the CA certificates in Internet Explorer or Mozilla

Their are presently two Drew Certificate Authorities, one for Drew's Novell eDirectory tree, and one for Drew's Microsoft Active Directory domain. Click each of the links below to open the CA certificate in your browser. Please note that you do need to install both CA certificates.

Depending on which browser you are using, you will see a different dialog box asking you to confirm the installation of the CA certificate.

Mozilla:

After clicking each of the links above, you will see a dialog like the following:

Select all three checkboxes and then click OK to install the certificate. Repeat this process for both the Active Directory and eDirectory CA certificates.

Internet Explorer

After clicking each of the links above, you will see a dialog like the following:

Click Open to open the certificate file. You will see a certificate dialog like the one below:

Click Install Certificate to install the CA certificate. The Certificate Import Wizard will appear:

Continue to click Next, accepting the defaults for the Certificate Import Wizard. The CA certificate should then be installed. Repeat this process for both the Active Directory and eDirectory CA certificates.

Notes on other browsers

IE for the Macintosh

It is possible to install the CA certificate in IE for the Macintosh, however, we do not recommend doing so. Installing a CA certificate in IE on the Mac requires you to define a certificate store password, which you will then be prompted for when you connect to any secure site, not just Drew. On the Macintosh platform, we presently recommend that you use Mozilla.

Safari for the Macintosh

Safari does not presently provide a mechanism for installing CA certificates automatically. John Muccigrosso in the Classics department has provided these instructions for using a third-party utility to install the CA certificates.

  1. Get the certificates from CNS. There are two of them and you can find them below. Save them where you can find them again (of course).

    Novell eDirectory CA Certificate (DER-encoded binary format)
    RSA Fingerprint: 6a 7f 24 4a 2a bc 28 59 aa 6f dc 17 42 45 d2 ef 66 d5 47 17

    Microsoft Active Directory CA Certificate (DER-encoded binary format)
    RSA Fingerprint: 5a 3f 5f 7e 4a 4a d3 31 56 49 64 19 5b 62 ac e4 8e b8 a7 38
  2. Get the tool that installs them. It's called CerttoolGUI ("Certificate Tool Graphical User Interface") and is freely available at a number of places, including this one. (Opens in a new window.)
  3. Run this application, and tell it where the two certificates are by choosing the "Add certificate" option, followed by "Import certificates". (CerttoolGUI complained about the format of the drew-edir-ca.der certificate, but installed it anyway, as far as I can tell.)
  4. That's it. Safari shouldn't ask you about the certificates anymore. You can test this by going to CampusWeb and seeing if you get a warning.
  
 
 
Copyright © 2003-2009, Drew University Where do I go for HELP? | CNS Live | Contact Us
Page last updated: 16 October 2007