CIS Certificate Authority
The department maintains the UAB CIS Certificate Authority to sign certificates that are required for use with SSL-enabled applications. In our department, this includes the incoming and outgoing email servers, the web server, the helpdesk server and others.
Client-side applications like web browsers and email readers maintain a list of trusted Certificate Authorities. If a server presents a certificate that was signed by an authority on that list, the application will allow the user in automatically. If the authority is not trusted, the user will be asked to confirm whether they want to proceed before being allowed into the application.
Since the UAB CIS Certificate Authority is not included in the trusted list by default, users need to add it to the list in order to avoid these warning messages. This is done by importing the Certificate Authority's own certificate into your trusted list (sometimes called a keyring or keychain). The specific steps required to do this vary depending on OS and application.
The CA certificate is available below. There are two versions available, .p12 and .pem. Below are instructions for several OSes and applications. Be sure to read the full list - some applications require specific steps in addition to those for the operating system.
Microsoft Windows XP - Right-click on the cacert.p12 version and choose Save As... to save it to your local machine. Then double-click cacert.p12 and the Microsoft Certificate Import wizard will open. Accept all of the defaults. The password is blank (by design; this is a public certificate). You will be asked to confirm and then receive a success message when the certificate is imported.
Internet Explorer and Outlook / Outlook Express - Follow the instructions above for Windows. IE and Outlook will both use this trusted cert now. (Note that the Import Wizard can also be reached from IE via the Certificates area of the Content tab of Internet Options.)
Macintosh OS X - Right-click on cacert.pem and save it to the local machine. On the local machine, rename the file to cacert.cer. Double-click the file to launch the keychain manager. Add the certificate to the X509Anchors keychain.
Firefox (all platforms) - Firefox maintains its own trusted CA list. Generally, all that is required is to click the cacert.pem file from the browser, which launches Firefox's import wizard. Be sure to indicate that you want to use the certificate to validate web sites.
Thunderbird (all platforms) - Save cacert.pem to your local machine. Then, from Thunderbird's Tools menu, choose Options, then the Privacy button, then the Security tab. On the Security tab, click the View Certificates button, then the Authorities tab, then click Import. Import cacert.pem.
Once this process is complete, you should restart your browsers and email readers and revisit a CIS SSL-enabled resource. You should no longer receive any warnings.
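The trust decision described above can be reproduced with the openssl command-line tool. The script below is an added example, not part of the department's instructions: it builds a throwaway CA and server certificate (all names are constructed, and the openssl tool is assumed to be installed) and shows that the server certificate verifies only when the signing CA's certificate is in the trusted file. It also prints the CA certificate's SHA-256 fingerprint, the value to compare before importing any CA certificate.

```shell
#!/bin/sh
# Added example. Every name below is constructed; none of this is the UAB CIS CA.

# make_demo_pki DIR: build a throwaway CA, a server cert it signs, and an unrelated CA.
make_demo_pki() {
    d=$1
    # Self-signed CA certificate; plays the role of cacert.pem.
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Example Dept CA" \
        -keyout "$d/ca.key" -out "$d/cacert.pem" 2>/dev/null || return 1
    # Server key and certificate request.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=mail.example.test" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null || return 1
    # The CA signs the server certificate.
    openssl x509 -req -in "$d/server.csr" -days 2 -CA "$d/cacert.pem" \
        -CAkey "$d/ca.key" -CAcreateserial -out "$d/server.pem" 2>/dev/null || return 1
    # An unrelated CA stands in for a trusted list that lacks the department CA.
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Some Other CA" \
        -keyout "$d/other.key" -out "$d/other.pem" 2>/dev/null
}

# chains_to CAFILE CERT: succeed only if CERT verifies against the CAs in CAFILE.
chains_to() {
    openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
}

# sha256_fingerprint CERT: print the value to compare with one obtained from the
# CA's operator through a separate channel before adding the cert to a trusted list.
sha256_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

DEMO=$(mktemp -d) || exit 1
trap 'rm -rf "$DEMO"' EXIT
make_demo_pki "$DEMO" || { echo "openssl failed" >&2; exit 1; }

echo "CA fingerprint: $(sha256_fingerprint "$DEMO/cacert.pem")"
if chains_to "$DEMO/other.pem" "$DEMO/server.pem"; then
    echo "before import: trusted"
else
    echo "before import: untrusted (client would warn)"
fi
if chains_to "$DEMO/cacert.pem" "$DEMO/server.pem"; then
    echo "after import: trusted"
else
    echo "after import: untrusted"
fi
```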
If you have questions, please contact helpdesk@cis.uab.edu.
Attachments