Benefits and key features
Certificates are a safe way for MIT web applications to identify you without you needing to type in a username and password.
Personal certificates expire every year on July 31 and must be renewed annually. The MIT Certificate Authority (CA) is valid until August 2026.
To access MIT's secure web servers you actually need two different types of certificates: the MIT CA (Certification Authority), and your MIT personal certificate.
The MIT Certificate Authority (MIT CA) authenticates the secure web server to your computer. They are valid for several years.
Note: Browsers come with a group of other certificate signers (also known as certificate or root authorities) pre-installed; you are adding the MIT Certification Authority to this group.
Your MIT Personal Certificate authenticates you and your computer to the web page or application you are accessing. It is "signed" by the MIT CA and associates you with your Kerberos username and password, proving to the secure web server that you are who you claim to be.
Before obtaining certificates, make sure you have the following:
- Your MIT ID number
- Your Kerberos username and password
- An MIT-supported web browser installed on each computer for which you are getting certificates
- Note: You will be required to change your Kerberos password during certificate renewal if your existing password is older than one year.
Install/Renew using CertAid (Recommended):
We strongly recommend using CertAid to configure your certificates for Chrome, Internet Explorer, and Safari. It manages the entire certificate setup procedure, giving you a more reliable installation experience. The setup procedure includes installing the MIT CA as well as your personal certificate.