Renew your MIT certificates in July
July 15, 2024
It's that time of year! Renew your MIT certificate by July 30.

With MIT's recent update to Touchstone powered by Okta, use of personal certificates is being phased out, and Information Systems and Technology (IS&T) is investigating passwordless authentication options for Touchstone.

In the meantime, certain web applications will continue to require authentication using a personal certificate rather than Touchstone, so IS&T recommends keeping your MIT certificate up to date.

MIT personal certificates installed on your device(s) will expire on July 30, 2024. You must renew your certificates by that date to retain access to MIT’s secure web applications that require them.

How to renew your certificates

You'll need to renew the certificate for each browser on every device you use to access web applications that require certificate authentication. Renewal consists of downloading and installing replacement certificates for your expiring ones.

IS&T recommends using CertAid to install new certificates for Chrome, Edge, and Safari browsers. Download and install the latest version of CertAid to get started. Instructions for using CertAid are in the IS&T Knowledge Base (KB).

Use of Duo two-factor authentication is required. Be sure to have a Duo-registered device handy during installation.

Delete your old certificates

Once you install new certificates, deleting your old ones may help you avoid problems accessing sites and resources. IS&T strongly recommends deleting your old certificates unless you use S/MIME to sign or encrypt emails, in which case you should not delete them. For more information on what to do in that case, see the Export or Back Up Your MIT Personal Certificates page in the Knowledge Base.

CertAid will prompt you to delete these old certificates after the new ones have been installed.

Verify your new certificates

To ensure your certificate installation was successful, you can test them using the Certificate Test page.

Update your Kerberos password

If your Kerberos password is over a year old, you will need to change it before you can renew your certificates. Choose a strong password and consider using a password manager to save passwords and increase your online security. LastPass Enterprise is available to MIT community members for no charge.

Note that IS&T will never ask you to send or reset your Kerberos password via email.

Get help

If you have any questions or concerns, contact the IS&T Service Desk.