All CSC and ACSS facilities that require users to provide their Kerberos passwords are set up over secure TLS/SSL encrypted channels. Examples of such facilities are web pages using the https protocol, 802.1x authentication for wired or wireless networks, ssh logins, VPN connections, email access through imaps, and SASL authentication for smtp.
Setting up an encrypted TLS/SSL connection requires the server to present an SSL certificate to the client, so that the client can authenticate the server. This prevents man-in-the-middle attacks. Please note that accepting a server certificate without verifying its authenticity makes a user vulnerable to such attacks.
IITD uses self-signed certificates for some services, whereas it uses GlobalSign, Let's Encrypt and Entrust certificates for Wifi/Mail services (see https://www.globalsign.com, https://letsencrypt.org/ and https://www.entrust.com). Wifi/802.1x network access as well as mail clients and web browsers may ask to examine and accept these certificates every time on start up. Users are requested not to make a practice of accepting such certificates. Instead, users may download the IITD CA certificate and install it as a valid CA (certificate authority). The CA certificate can be installed through the Preferences->Advanced->Certificates tabs. You may require the IITD CA Certificate in DER format for some systems.
In most operating systems and browsers the GlobalSign, Let's Encrypt X3 and Entrust CA certificates should already be available. If required, you may download and install the GlobalSign CA from here: GlobalSign Certificate; Let's Encrypt Authority X3 (IdenTrust cross-signed): [pem] [der], or from here: Letsencrypt X3 Intermediate certificate; and the Entrust CA from here: Entrust Bundled Certificate.
Please see HowTo: Import the CAcert Root Certificate into Client Software for details (follow the procedure outlined in this link, but use the Let's Encrypt X3/IITD CA certificate instead of CAcert's).
To install certificates, one can follow these snapshots:
- Firefox for Microsoft Windows
- Google Chrome for Microsoft Windows
- Firefox for Ubuntu (Linux)
- Google Chrome for Ubuntu (Linux)
- Apple macOS
IITD self-signed certificates for CA with validity up to Jun 22 05:28:29 2029 GMT are:

SHA1 Fingerprint=88:f6:de:a8:a3:b1:72:1c:3f:d3:47:f2:38:d3:08:17:d2:58:67:e5
MD5 Fingerprint=b0:2a:b7:2c:7a:27:08:a8:62:f0:a4:c6:d4:4a:25:d5

SHA1 Fingerprint=4a:f3:9d:ef:c7:5f:f8:5b:fc:42:ce:21:1b:c8:9f:08:09:2b:00:6b
MD5 Fingerprint=15:54:db:e6:88:2f:dc:1c:0f:c2:2a:ae:0a:08:ce:5e
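
To check a downloaded CA file against the fingerprints above before installing it, the following added example (not part of the original page or of any IITD tooling) computes the fingerprint of a PEM or DER file and compares it with the two published SHA-1 values. The function names and the sample bytes are constructed for illustration.

```python
import base64
import hashlib
import re

# SHA-1 fingerprints of the IITD CA certificates, copied from this page.
PUBLISHED_SHA1 = {
    "88:f6:de:a8:a3:b1:72:1c:3f:d3:47:f2:38:d3:08:17:d2:58:67:e5",
    "4a:f3:9d:ef:c7:5f:f8:5b:fc:42:ce:21:1b:c8:9f:08:09:2b:00:6b",
}

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def to_der(data: bytes) -> bytes:
    """Return the DER bytes of a certificate file given in PEM or DER form."""
    match = PEM_RE.search(data)
    if match is None:
        return data  # no PEM armour present: treat the input as raw DER
    body = b"".join(match.group(1).split())  # drop line breaks and spaces
    return base64.b64decode(body, validate=True)


def fingerprint(data: bytes, algo: str = "sha1") -> str:
    """Colon-separated lowercase hex digest of the DER encoding."""
    digest = hashlib.new(algo, to_der(data)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalise(fp: str) -> str:
    """Drop a 'SHA1 Fingerprint=' label, separators and case differences."""
    return re.sub(r"[^0-9a-f]", "", fp.split("=")[-1].lower())


def is_published_ca(data: bytes, published=PUBLISHED_SHA1) -> bool:
    """True only if the file's SHA-1 fingerprint equals a published value."""
    got = normalise(fingerprint(data, "sha1"))
    return got in {normalise(p) for p in published}


if __name__ == "__main__":
    # Constructed sample bytes, NOT a real certificate; replace with
    # open("downloaded-ca-file", "rb").read() for an actual check.
    sample = b"constructed bytes, not a real certificate"
    print("SHA1 Fingerprint=" + fingerprint(sample))
    print("matches a published IITD CA:", is_published_ca(sample))
```

Install the file as a trusted CA only when the comparison succeeds; a mismatch means the file is not one of the certificates listed here.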
Last Updated on Tuesday, 15 October 2019 11:01