What Are Server Certificates
When you visit a secure web site, your web browser checks the site's
credentials based on information contained in it's server certificate.
Generally, that certificate is issued by one of a handful of Certificate
Authorities which have made deals with web browser manufacturers to be
'trusted'. They are trusted by having their root certificate installed
in your web browser.
These trusted Certificate Authorities can then tell you wether a site is who it
claims to be. This is sort of like a liquor store trusting your state issued
Driver's license to have the correct age. It is possible that your Student ID
card has your age, but the liquor store probably won't accept it...they may
not have even heard of your school, let alone know that they IDs are secure
and hard to alter. A root certificate is like the liquor store having
examples of IDs and assurances that the IDs are hard to alter.
Why isn't Keyroute.net's Trusted
Because there are very few root certificates installed in web browsers
by default, Certificate Authorities can charge pretty much anything they want.
For keyroute.net, I decided to use a non-profit organization to provide my
certificate. Keyroute.net members can easily install a new root certificate
in their browsers and then not have to worry.
Installing the Certificate
Safari (Mac OS X)
- Download the certificate from
CA Cert.
- Go to the CA Cert Root Certificate
Fingerprint Page.
- Double click on the file cacert.crt which you just downloaded
- In the 'Add Certificate' Keychain dialog box, choose the 'X.509 Anchors'
keychain and click OK.
- Verify that the fingerprints match
- Enter your administrator password when asked
- Re-Start Safari
Explorer (Windows)
- Download the certificate from
CA Cert.
- Go to the CA Cert Root Certificate
Fingerprint Page.
- Choose 'Open' then 'Install Certificate' once you have selected what you downloaded
- Verify that the fingerprints match and then approve the certificate addition
- Re-Start Internet Explorer
There is an annoying bug with Explorer. You are required to add a password to add a certificate
and then the first visit to a secure site
every browser session you will be asked for
your password. If you still want to do this, follow these directions.
- Control click this certificate link to 'Download Link to Disk'
- Rename the file cacert.cer (instead of .der)
- Within Internet Explorer, go to CA Cert to
view the IE Thumbprint
- Choose 'Open File' from the 'File' menu and select the cacert.cer file you downloaded
- If the thumbprint shown matches that on the CACert page, then check the appropriate boxes and choose 'Accept'
- You will be asked to add a password (twice, then you will be asked for it to add the certificate)
- Restart Internet Explorer
Directions for other browser can be found on CA
Cert's Root Certificate page.