Certificate Authority

What is a Certificate Authority

A Certificate Authority, or CA, is an entity that vouches for the identity of a digital resource by signing Certificate Signing Requests.

Obtaining Signed Certificates

The university has not yet implemented the necessary framework to run a full-fledged certificate authority service. Certificates signed by the aforementioned certificate authorities are currently in limited deployment. Obtaining a certificate signed by these authorities is unlikely, though not impossible.

Importing the University Certificate Authority

Properly designed applications will, by default, complain about certificates issued by the Case certificate authorities because these authorities are not in the default bundle, or list, of trusted certificate authorities. The problem can be rectified by importing the Case CA certificates into the trusted CA bundle.

The first step is to download the Case CA bundle. As of May 28, 2009 we have new root and server CA certificates against which all new server certificates will be signed. The newer certificates use better encryption mechanisms and more secure algorithms for the signatures. For backwards compatibility, the old certificates are also included in the new bundle.

The new certificate bundle may be found at

https://its-services.case.edu/middleware/src/case-ca-bundle-2009.crt

The old bundle may still be found at

https://its-services.case.edu/middleware/src/case-ca-bundle.crt

Some browsers will automatically identify the file as a certificate and prompt you to import it into the browser's or operating system's trusted CA list, so you may need to right-click on the link and explicitly tell the browser to save the link target as a file.

Many services are using certificates issued by Entrust. The Entrust public certificate is available at https://its-services.case.edu/middleware/Responsibilities/SSL/SSL.html.

For OS X

Double clicking on the downloaded .crt file will open Keychain Access. You might be prompted for your system administrator's password. You will be prompted with a box asking if you want to add the certificates to the keychain. From the keychain drop-down menu, select "System" and click OK.

For *NIX Systems

Most distributions have a global trusted CA bundle file somewhere. The file is often named ca-bundle.crt. To add the Case CAs to the list, we just issue the command:

cat case-ca-bundle.crt >> ca-bundle.crt

Common locations for ca-bundle.crt

  • RedHat -- /usr/share/ssl/certs/ca-bundle.crt
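
A more careful variant of the append step above, written as an added example that is not part of the original page: it refuses a download that contains no PEM certificates, backs up the trust bundle, and skips certificates that are already present. The function names are hypothetical, and it compares PEM blocks as text without validating them as X.509.

```shell
#!/bin/sh
# Added example (not from the original page); function names are hypothetical.

# Print each PEM certificate in file $1 as one line of joined base64.
pem_blocks() {
    awk '
        /-----BEGIN CERTIFICATE-----/ { inblock = 1; body = ""; next }
        /-----END CERTIFICATE-----/   { if (inblock) print body; inblock = 0; next }
        inblock { gsub(/[ \t\r]/, ""); body = body $0 }
    ' "$1"
}

# append_new_cas NEW_BUNDLE TRUST_BUNDLE
# Appends the certificates in NEW_BUNDLE that TRUST_BUNDLE lacks and
# prints how many were appended. Leaves a copy in TRUST_BUNDLE.bak.
append_new_cas() {
    new=$1; trust=$2; added=0
    # A saved HTML error page or empty download contains no PEM blocks.
    if [ -z "$(pem_blocks "$new")" ]; then
        echo "no PEM certificates in $new" >&2
        return 1
    fi
    cp -p "$trust" "$trust.bak" || return 1
    # A missing final newline would glue END and BEGIN lines together.
    [ -z "$(tail -c 1 "$trust")" ] || echo >> "$trust"
    existing=$(pem_blocks "$trust")
    for b64 in $(pem_blocks "$new"); do
        # Skip certificates already present (makes re-runs harmless).
        if printf '%s\n' "$existing" | grep -qxF -- "$b64"; then
            continue
        fi
        {
            echo "-----BEGIN CERTIFICATE-----"
            printf '%s\n' "$b64" | fold -w 64
            echo "-----END CERTIFICATE-----"
        } >> "$trust"
        existing="$existing
$b64"
        added=$((added + 1))
    done
    echo "$added"
}
```

Called as `append_new_cas case-ca-bundle.crt ca-bundle.crt`, it replaces the plain `cat ... >>` and can be re-run without duplicating entries.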

For Windows

Opening the aforementioned file will open the Windows Certificate Import Wizard. Simply click your way through the interface and the Case certificate authority will be marked as a trusted CA in Windows. This setting should propagate to any well-programmed application.

This page was last modified 14:35, May 28, 2009 by David Kovacic.