SSL Certificates: Difference between revisions

From Supporting Role Wiki
Jump to navigationJump to search
No edit summary
Line 6: Line 6:


== Browsers ==
== Browsers ==
=== Internet Explorer 7 ===
=== Internet Explorer 7+ ===
#Go to the Root Certificate location: http://www.uk.forgetaboutit.net/certs/
#Go to the Root Certificate location: http://www.uk.forgetaboutit.net/certs/
#Click on '''fabit-ca-cert.crt''' and '''open''' the certificate
#Click on '''fabit-ca-cert.crt''' and '''open''' the certificate

Revision as of 09:25, 15 September 2011

An SSL certificate is half of a pair of certificates needed for an encrypted session. Forget About IT® has it's own master certificate, otherwise known as a root certificate. This allows us to issue certificates for all of our clients at no cost.

Without installing the root certificate on your computer or mobile device, you will get a warning that we are not to be trusted. This is because we have yet to persuade Microsoft, Apple et al to release their software with our root certificate pre-installed. Maybe one day :-).

All that is needed to avoid the warnings, is for the root certificate to be installed on any device that needs to access a Forget About IT® server. The root certificate can be found here. Different browsers require different techniques:

Browsers

Internet Explorer 7+

  1. Go to the Root Certificate location: http://www.uk.forgetaboutit.net/certs/
  2. Click on fabit-ca-cert.crt and open the certificate
  3. Click on the Install button to launch the wizard, then on Next.
  4. Select Place all certificates in the following store and browse to Trusted Root Certification Authorities.
  5. Click on OK and then Next
  6. Click on Finish and then acknowledge the security warning.
  7. Acknowledge the completed message box, and then click OK to close the certificate window.
Note: This procedure only adds the FABIT root certificates to the current user.

Mozilla Firefox

  1. Go to the Root Certificate location: http://www.uk.forgetaboutit.net/certs/
  2. Click on fabit-ca-cert.crt
  3. You'll get: 
    You have been asked to trust a new Certificate Authority (CA).
    Do you want to trust "CA Cert Signing Authority" for the following purposes?
    [ ] Trust this CA to identify web sites.
    [ ] Trust this CA to identify email users.
    [ ] Trust this CA to identify software developers.
    Before trusting this CA for any purpose, you should examine its certificate and its policy and procedures (if available).
  4. Tick at least the first box ('Trust this CA to identify web sites.') and click OK

Opera

  1. Go to the FABIT Certificate website: http://www.uk.forgetaboutit.net/certs/
  2. Click fabit-ca-cert.crt. It will be downloaded to your desktop.
  3. Double click on the 'root.crt' file. The Keychain Access application will be launched
  4. Select 'X509Anchors' from the 'Keychain' dropdownlist and press OK.
  5. You will be asked to authenticate yourself. After that, the certificate will be installed system-wide.

Safari

Email Clients

Mozilla Thunderbird

  1. Download the FABIT root certificate from http://www.uk.forgetaboutit.net/certs/ and save it to a convenient location.
  2. Open Thunderbird
  3. Depending on the version of Thunderbird
    • For older versions of Thunderbird open: Preferences->Privacy->Security->View Certificates->CA
    • For Thunderbird V2.+ open: Tools->Options->Encryption->View Certificates->Authorities
  4. Select "Import Certificate" or "Import..."
  5. You'll get: 
    You have been asked to trust a new Certificate Authority (CA).
    Do you want to trust "CA Cert Signing Authority" for the following purposes?
    [ ] Trust this CA to identify web sites.
    [ ] Trust this CA to identify email users.
    [ ] Trust this CA to identify software developers.
    Before trusting this CA for any purpose, you should examine its certificate and its policy and procedures (if available).
  6. Tick at least the second box ('Trust this CA to identify email users.') and click OK.

Outlook

Install the certificate into Internet Explorer and Outlook should be able to use it.

Outlook Express

Install the certificate into Internet Explorer and Outlook should be able to use it.

Microsoft Mail

Install the certificate into Internet Explorer and Outlook should be able to use it.

Mac Mail

Entourage

Mobile Devices

Windows Mobile 6

You first need to copy the certificate file to the device using Internet Explorer. Windows Mobile 6 supports DER, CER and PEM formats, but we recommend using CER. Start File Explorer and then simply tap the filename. The device should then say "Certificate successfully imported" or words to that effect.

Windows Mobile 5 & Pocket PC 2003

On Pocket PC 2003 and Windows Mobile 5.0 the file has to be in DER format. Otherwise, process as above.

Blackberry

iPhone / iPad

Retrieved from "https://wiki.supporting-role.co.uk//index.php?title=SSL_Certificates&oldid=232"