SSL Certificate Information

The department uses SSL (Secure Sockets Layer) encryption to protect some types of communication between its machines and between its machines and other machines.

In particular, we have secure IMAP and POP services for downloading your e-mail, as well as SMTP AUTH for sending mail through our mail server.

Accepting Service-Specific Certificates

The easiest way to use SSL-protected services is to simply accept our certificates through whatever mechanism your client uses (usually a checkbox or button in a dialog box).

If your client doesn't allow you to permanently accept a certificate, you want to be sure a service certificate was created by the department, or you just don't want to deal with accepting each service certificate you encounter, you can install our root certificate.

Installing Our Root Certificate

We have a “self-signed” certificate, which means that we are asserting its validity without paying an outside firm to do the same.

Until you have installed our root certificate, your browser or other client software will complain about not being able to confirm the validity of the certificate. You can ignore such messages, or, better, install our root certificate and get rid of them.

To start, download our root certificate:

Verifying Our Root Certificate

When installing our root certificate, you should verify that its checksums match those reproduced below. Note that this text has been cryptographically signed by Claire Connelly's GPG key. You can copy the text into a file and use GPG to verify its authenticity (gpg --verify file).

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Checksums for the HMC Mathematics Root Certificate.

SHA1: 68 8A 92 EF BC F9 B8 B2 3F 80 BA A6 C1 06 91 72 55 00 4E 5F
MD5: 62 F4 E7 70 C7 8E 21 48 5F 2E 8D 09 F3 62 A2 8D
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)

iEYEARECAAYFAkidScIACgkQB0pE8d7vd8xI7gCdEP7T3+bC/7ulxOEiZqHgrTy8
EbIAoIjUKHX9H16+I6cenuMRlk5Ru61p
=6ung
-----END PGP SIGNATURE-----

Linux

The certificate will be installed by default on the Linux systems that belong to the department. If you're running Linux yourself, however, and you want to be able to access systems we run over SSL, you'll need to install the certificate yourself.

Different Linux distributions handle certificate installation in different ways. We recommend that you consult your distribution's documentation, do a web search, or ask in a support forum or mailing list for the specifics for your distribution.

Windows

...more...

Mac OS X

Certificates are installed on Mac OS X using the Keychain Assistant application. After you've downloaded our root certificate, find it in the Finder and double-click on it, which will open Keychain Access.

Add Certificates dialog in Keychain Access.

Next, change the keychain from login to System.

Changing the keychain.

Click the “Always Trust” button to make the certificate trusted.

Setting the trust level.

Enter the name and password of an administrator on your system to authorize the addition of this certificate to the System keychain.

Authenticate to add certificate.

You're done! The root certificate is now installed and trusted, and you should now be able to connect to SSL-protected services supplied by the math department without having to accept the validity of their individual certificates.

Other Systems

There are more and more multipurpose computing devices (such as cellular telephones) that support web browsing, e-mail, and other services that are often protected by SSL certificates. Because every devices is different, we recommend that you consult your device's documentation for details.