It’s MIT certificate renewal season!
June 12, 2019
Image: Nicole DeSimone

The MIT certificate(s) installed on your computer will expire on July 31, 2019. You must renew these certificates by that date to retain access to MIT’s secure web applications, including Atlas, WebSIS, Stellar, software downloads, and more.

You'll need to renew the certificate for each browser on every computer you use. Renewal consists of downloading replacement certificates for your expiring ones.

Note: If your Kerberos password is over a year old, you will be required to change it during the certificate renewal process. Choose a strong password. Consider using LastPass to save passwords and increase your online security.

CertAid can be used to quickly install new certificates for Chrome, Internet Explorer, and Safari. Please note that CertAid has been updated this year to require Duo two-factor authentication as part of the certificate installation process. If you have a previous version of CertAid (older than 2.2.5), be sure to download the most current version. For Firefox, go to the Get an MIT Certificate page to manually install a new certificate.

Once you install new certificates, deleting your old ones may help you avoid problems accessing sites and resources. CertAid will prompt you to delete these old certificates after the new ones have been installed. IS&T recommends deleting your old certificates unless you use S/MIME to sign or encrypt emails, in which case you should not delete them.

Having a valid certificate is the first step in verifying your identity via MIT’s Touchstone authentication service. The second step is provided through Duo two-factor authentication. To access MIT’s secure online spaces, you need both a valid certificate and a device registered for use with Duo.

If you have any questions or concerns, contact the IS&T Service Desk.


|Login to Comment on this story | Jun 28, 2018 | 2:44 PM

Ok, but how do I actually renew my cert? | Jul 13, 2018 | 2:37 PM

Good question! | Jul 17, 2018 | 11:14 AM

Renewal consists of downloading the replacement certificate for your expiring ones, meaning that you will need to download again Cert Aid and it will ask you automatically to renew the certificate....Also it will ask you to change Kerberos password if it is over a year old. | Jul 5, 2019 | 10:00 AM

Starting with Firefox 69, the keygen HTML element is no longer supported. Since CertAid does not work on Linux as far as I can tell, that means Linux users will have no way of obtaining a certificate any longer. | Jul 26, 2019 | 3:10 AM

For Linux and Chrome, first download a certificate on Firefox by following this: [ ]. Then export the certificate from Firefox and Import it in Chrome, follow this: [ ]. No need to use CertAid.