MIT continues to expand its online services and applications which are being delivered over the Web. These applications come from secure web servers that limit access to authorized users and protect transmission of sensitive data by encryption. Secure web servers, like other web servers, provide information and services through web browsers. Access to a secure server requires that you have what are called "web certificates" on your web browser.
Here are some of MIT's services that depend on web certificates.
- WebSIS lets students access their individual academic and financial records (including grades and class assignments), and update address and other personal information.
- Administrators can create requisitions, and view SAP-based financial and purchasing data via SAPweb.
- SAPweb Self-Service lets MIT employees access and update their personal information, benefits enrollment, MIT training opportunites, and other information.
- eCAT facilitates purchases of office supplies, computer equipment and software, lab supplies, maintenance supplies, and other items.
To access MIT's secure web servers you actually need two different types of certificates: the MIT CA (Certification Authority), and your MIT personal certificate.
Before you can get MIT web certificates, make sure you have the following:
- Your valid MIT ID number
- Your Kerberos username and password (same as for Athena, MITnet, MIT email, or SAP)
- An MIT-supported browser installed on each computer for which you are getting certificates; see Web Browsers at MIT
The MIT CA (Certification Authority) authenticates the secure web server to your computer. MIT CAs are valid for several years.
Note: Browsers come with a group of other certificate signers (also known as certificate or root authorities) pre-installed; you are adding the MIT Certification Authority to this group.
Your MIT personal certificate "authenticates" you and your computer to the web page you are visiting or web application you are using. This personal certificate is "signed" by the MIT CA and associates you with your Kerberos username and password. It proves to the secure web server that you are who you claim to be (although the server itself may be one with further restrictions as to who can access it). For example, SAPweb Employee Self-Service uses your personal certificate to identify who you are. With this autentication, your personal information is displayed and you may make updates as needed. For more information, see: Q: What is stored in an MIT personal certificate?
If you use multiple computers you need both certificates for each computer from which you will access MIT's secure web servers. On Athena, you get certificates only once; they follow you to wherever you log into Athena.
If you use multiple browsers on one computer you need to get both certificates for each browser you may use. The typical combinations are Safari and Firefox on Macintosh; IE and Firefox on Windows.
You may find that you need to remove existing certificates from a computer. Among the reasons are:
- You are taking over, as sole user, a computer with certificates for a person no longer using the machine.
- You are taking over a shared computer with certificates for a person no longer using the machine.
- You obtained certificates with a browser password, but you have forgotten that password and need to enter a new one and then obtain new certificates.
- You have reason to believe that your machine has been accessed or compromised by others and you need to get new certificates.
For details, see Deleting MIT Personal Certificates.
Certificate Help Wizard
Get help to properly configure certificates for your browser and operating system.
If you've done this before and just want to get your certificates: