ITS Web Development

Web Development Home | CMS | Web Resources | About Web Dev | Staff | Feedback

Procedure to Trust BGSU SSL Certificates

 

Description:

SSL certificates are used during web transactions to provide strong security between the web server and the client's web browser.  The SSL certificate validates that the web server is authentic and allows transmitted data to be protected by encryption.

All SSL certificates are digitally signed by a certificate authority.  Some certificate authorities are well-known commercial entities and are "trusted" by most web browsers.  Therefore, when a client accesses a web site signed by one of these certificate authorities, the web browser will immediately connect.  However, when a web server uses a certificate not signed by one of these known certificate authorities, it will present a warning message.  The user will have to acknowledge the warning and accept the certificate before accessing the web site.

Since it is costly to have certificates signed by a trusted commercial certificate authority, ITS has created a BGSU certificate authority.  This certificate authority is used to sign SSL certificates on many non-production web environments.  This includes test environments for MyBGSU, Blackboard, and Peoplesoft.  In order to prevent your web browser from presenting warnings about the authenticity of the BGSU-signed certificates, you will need to configure your browser to "trust" it.  Detailed below is this procedure.

Note: You will need a copy of the “BGSU-CA.crt” file.  Click here to download this file.

If you can't download "BGSU-CA.crt" file directly, then download this zipped version and unzip it yourself.  Click here to download zipped version.

Procedure for Internet Explorer on Windows XP:

  1. Open up Microsoft Internet Explorer.
  2. Select “Tools” -> “Internet Options” from the menus.
  3. Select the “Content” tab.
  4. Click on the “Certificates” button.
  5. Select “Import” from the “Certificates” window.
  6. Click “Next” on the “Welcome to the Certificate Import Wizard” window.
  7. Click “Browse…”
  8. Navigate to the directory that contains the “BGSU-CA.crt” file
  9. Select the file “BGSU-CA.crt”, then click “Open”.
  10. Click “Next” on the “File to Import” window.
  11. Select “Automatically select the certificate store based on the type of certificate” and click “Next”.
  12. Click “Finish”.
  13. Click “OK” on the “The import was successful” window.
  14. Click “Close” on the “Certificates” window.
  15. Click “OK” on the “Internet Options” window.
  16. You should be able to access any of the BGSU non-production environments now without a warning message in Internet Explorer.

Procedure for Mozilla Firefox on Windows XP:

  1. Launch Firefox
  2. Select "Options" from the "Tools" menu
  3. Click on the "Advanced" icon
  4. Click on the "Security" tab
  5. Click on the "View Certificates" button
  6. Click on the "Authorities" tab
  7. Click on the "Import" button
  8. Select your copy of the BGSU Root CA Certificate file in the dialog box
  9. Click the check box labeled "Trust this CA to identify web sites"
  10. Click the "OK" button to close the Certificate Download dialog box
  11. Click the "OK" button to close the Certificate Manager dialog box
  12. Click the "OK" button to close the "Options" dialog box

Procedure for Mozilla Firefox on Apple Macintosh:

  1. Obtain a copy of the BGSU Root CA Certificate
  2. Launch Firefox
  3. Select "Preferences" from the "Firefox" menu
  4. Click on the "Advanced" icon
  5. Click on the "Security" tab
  6. Click on the "View Certificates" button
  7. Click on the "Authorities" tab
  8. Click on the "Import" button
  9. Select your copy of the BGSU Root CA Certificate file in the dialog box
  10. Click the check box labeled "Trust this CA to identify web sites"
  11. Click the "OK" button to close the Certificate Download dialog box
  12. Click the "OK" button to close the Certificate Manager dialog box
  13. Close the Advanced Preferences window

Procedure for Safari on Apple Macintosh: 

  1. Obtain a copy of the BGSU Root CA Certificate  
    Note: You will need to download the ZIP'ed version, or else the browser opens the file as a text page within the browser window.  After decompress, the filename should be "BGSU-CA.crt"
  2. If Safari is still running, quit it
  3. Run the "Keychain Access" application found in Applications/Utilities
  4. Select "Import" from the "File" menu
  5. Select "X509Anchors" from the "Keychain" drop-down at the bottom of the window
  6. Select the copy of the BGSU Root CA Certificate you downloaded in the first step and click on the "Open" button
  7. Since you are updating the system X509 Keychain, you will be prompted for your administrator credentials to verify your permissions to make the update
  8. Quit the "Keychain Access" application , and restart Safari