SSL Certificate Information
The department uses SSL (Secure Sockets Layer) encryption to protect some types of communication between its machines and between its machines and other machines.
Accepting Service-Specific Certificates
The easiest way to use SSL-protected services is to simply accept our certificates through whatever mechanism your client uses (usually a checkbox or button in a dialog box).
If your client doesn't allow you to permanently accept a certificate, you want to be sure a service certificate was created by the department, or you just don't want to deal with accepting each service certificate you encounter, you can install our root certificate.
Installing Our Root Certificate
We have a “self-signed” certificate, which means that we are asserting its validity without paying an outside firm to do the same.
Until you have installed our root certificate, your browser or other client software will complain about not being able to confirm the validity of the certificate. You can ignore such messages, or, better, install our root certificate and get rid of them.
To start, download our root certificate:
Verifying Our Root Certificate
When installing our root certificate, you should verify that its
checksums match those reproduced below. Note that this text has been
cryptographically signed by Claire Connelly's GPG key.
You can copy the text into a file and use GPG to verify its
gpg --verify file).
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Checksums for the HMC Mathematics Root Certificate. SHA1: 68 8A 92 EF BC F9 B8 B2 3F 80 BA A6 C1 06 91 72 55 00 4E 5F MD5: 62 F4 E7 70 C7 8E 21 48 5F 2E 8D 09 F3 62 A2 8D -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Darwin) iEYEARECAAYFAkidScIACgkQB0pE8d7vd8xI7gCdEP7T3+bC/7ulxOEiZqHgrTy8 EbIAoIjUKHX9H16+I6cenuMRlk5Ru61p =6ung -----END PGP SIGNATURE-----
The certificate will be installed by default on the Linux systems that belong to the department. If you're running Linux yourself, however, and you want to be able to access systems we run over SSL, you'll need to install the certificate yourself.
Different Linux distributions handle certificate installation in different ways. We recommend that you consult your distribution's documentation, do a web search, or ask in a support forum or mailing list for the specifics for your distribution.
Mac OS X
Certificates are installed on Mac OS X using the Keychain Assistant application. After you've downloaded our root certificate, find it in the Finder and double-click on it, which will open Keychain Access.
Next, change the keychain from login to System.
Click the “Always Trust” button to make the certificate trusted.
Enter the name and password of an administrator on your system to authorize the addition of this certificate to the System keychain.
You're done! The root certificate is now installed and trusted, and you should now be able to connect to SSL-protected services supplied by the math department without having to accept the validity of their individual certificates.
There are more and more multipurpose computing devices (such as cellular telephones) that support web browsing, e-mail, and other services that are often protected by SSL certificates. Because every devices is different, we recommend that you consult your device's documentation for details.