All CSC and ACSS facilities that require users to provide their Kerberos passwords are set up over secure TLS/SSL encrypted channels. Examples of such facilities are web pages using the https protocol, 802.1x authentication for wired or wireless networks, ssh logins, VPN connections, email access through imaps and SASL authentication for smtp.
Setting up an encrypted TLS/SSL connection requires the server to present an SSL certificate to the client, so that the client can authenticate the server. This protects against possible man-in-the-middle attacks. Please note that accepting a server certificate without verifying its authenticity makes a user vulnerable to attacks.
IITD uses self-signed certificates for some internal services, whereas it uses GlobalSign for WiFi/802.1x and Entrust certificates for Mail services (see https://www.globalsign.com and https://www.entrust.com). If the CA certificates are not installed, WiFi/802.1x network access, mail clients and web browsers may ask to examine and accept these certificates every time on startup. Users are requested not to make a practice of accepting such certificates. Instead, users may download the IITD CA certificate and install it as a valid CA (certificate authority). The CA certificate can be installed through the Preferences->Advanced->Certificates tabs. You may require the IITD CA Certificate in DER format for some systems.
In most operating systems and browsers the GlobalSign and Entrust CAs should already be available. If required, you may download and install the GlobalSign CA from here: GlobalSign Certificate, and the Entrust CA from here: Entrust Bundled Certificate.
Please see HowTo: Import the CAcert Root Certificate into Client Software for details (follow the procedure outlined in this link, but use the Let's Encrypt X3/IITD CA certificate instead of CAcert's).
To install the certificates, follow the snapshots for your platform:
- Firefox for Microsoft Windows
- Google Chrome for Microsoft Windows
- Firefox for Ubuntu (Linux)
- Google Chrome for Ubuntu (Linux)
- Apple Mac OS
The IITD self-signed CA certificates, with validity up to Jun 22 05:28:29 2029 GMT, have the following fingerprints:
SHA1 Fingerprint=88:f6:de:a8:a3:b1:72:1c:3f:d3:47:f2:38:d3:08:17:d2:58:67:e5
MD5 Fingerprint=b0:2a:b7:2c:7a:27:08:a8:62:f0:a4:c6:d4:4a:25:d5

SHA1 Fingerprint=4a:f3:9d:ef:c7:5f:f8:5b:fc:42:ce:21:1b:c8:9f:08:09:2b:00:6b
MD5 Fingerprint=15:54:db:e6:88:2f:dc:1c:0f:c2:2a:ae:0a:08:ce:5e
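One way to check a downloaded IITD CA certificate (PEM or DER) against the SHA1 fingerprints published on this page before installing it as a trusted CA. This is an added example, not IITD's own tooling; the script name check_ca.py and the function names are hypothetical.

```python
import hashlib
import hmac
import ssl
import sys

# SHA1 fingerprints of the IITD CA certificates, copied from this page.
PUBLISHED_SHA1 = (
    "88:f6:de:a8:a3:b1:72:1c:3f:d3:47:f2:38:d3:08:17:d2:58:67:e5",
    "4a:f3:9d:ef:c7:5f:f8:5b:fc:42:ce:21:1b:c8:9f:08:09:2b:00:6b",
)
PEM_BEGIN = b"-----BEGIN CERTIFICATE-----"


def to_der(data: bytes) -> bytes:
    """Return the DER encoding of a certificate file given as PEM or DER."""
    stripped = data.strip()
    if not stripped.startswith(PEM_BEGIN):
        return data  # already DER (binary)
    if stripped.count(PEM_BEGIN) != 1:
        # A bundle holds several certificates; fingerprint them one at a time.
        raise ValueError("expected exactly one certificate, found a bundle")
    return ssl.PEM_cert_to_DER_cert(stripped.decode("ascii"))


def normalise(fingerprint: str) -> str:
    """Reduce 'SHA1 Fingerprint=88:F6:...' or '88:f6:...' to bare lowercase hex."""
    return fingerprint.split("=")[-1].replace(":", "").strip().lower()


def sha1_fingerprint(data: bytes) -> str:
    """SHA1 over the DER bytes, colon-separated like the values on this page."""
    digest = hashlib.sha1(to_der(data)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def is_published_iitd_ca(data: bytes) -> bool:
    """True only if the file's fingerprint equals one published on this page."""
    actual = normalise(sha1_fingerprint(data))
    return any(hmac.compare_digest(actual, normalise(p)) for p in PUBLISHED_SHA1)


if __name__ == "__main__":
    if len(sys.argv) == 2:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
        print("SHA1 Fingerprint=" + sha1_fingerprint(blob))
        print("matches published value" if is_published_iitd_ca(blob)
              else "MISMATCH: do not install")
    else:
        print("usage: check_ca.py <downloaded-certificate.pem|.der>")
```

The fingerprint is computed over the DER bytes, so the PEM and DER downloads of the same certificate give the same value.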
Last Updated on Tuesday, 15 October 2019 11:01