Skip to end of metadata
Go to start of metadata
Table of Content

Quickstart

(info) You should follow these steps only, if you get a security warning message upon viewing Jacobs University's web services.

Click on the following links in the order given to extend your web browser. You will be presented with message windows, please confirm all questions and activate all options:

  1. Deutsche Telekom Root CA 2
  2. DFN-Verein PCA Global - G01
  3. Jacobs University CA - G01

All secured web pages of Jacobs University can now viewed without security warning messages.

Full Details

Motivation

For securely viewing web pages, one has to rely on the assessment given by third parties, that the viewed page belongs to the rightful owner (authentication).

Since beginning of March 2007 we are participating in the DFN PKI Program to obtain 'SSL Certificates' for web servers. The underlying root certificate 'Deutsche Telekom Root CA 2' becomes more and more available automatically within the most common browsers. Current Windows systems have it installed automatically by updates; Firefox and Mozilla are planned to get them by updating in mid 2007.

But you might need to install this root certificate manually in your browser. You should use the opportunity to install also the DFN CA and the Jacobs University CA certificates.

Part of the following documentation is taken from http://wiki.cacert.org/wiki/BrowserClients and adopted to our needs.

Mozilla Firefox

(thumbs up) This is no longer required with Firefox 3.5 and newer.

Firefox uses it's own Certificate Manager. So even if your Windows (and other Microsoft) applications already use a root certificate Firefox still might not. The following procedure tells you how to import the certificates into your Firefox web browser.

  1. Click the links to import the Certificates
    • Click here to import the Deutsche Telekom Root CA 2
    • Click here to import the DFN-Verein PCA Global - G01
    • Click here to import the Jacobs University CA - G01
      You have been asked to trust a new Certificate Authority (CA).

      Do you want to trust "Deutsche Telekom Root CA 2" for the following purposes?
      
      [ ] Trust this CA to identify web sites.
      [ ] Trust this CA to identify email users.
      [ ] Trust this CA to identify software developers.
      
      Before trusting this CA for any purpose, you should examine its certificate
      and its policy and procedures (if available).
      
  2. You should click on VIEW to check the certificate. Most important is that you check the fingerprints of the certificate. They should match the following:

    Deutsche Telekom Root CA 2
    SHA1 Fingerprint = 85:A4:08:C0:9C:19:3E:5D:51:58:7D:CD:D6:13:30:FD:8C:DE:37:BF
    MD5 Fingerprint = 74:01:4A:91:B1:08:C4:58:CE:47:CD:F0:DD:11:53:08
    
    DFN-Verein PCA Global - G01
    SHA1 Fingerprint = F4:C5:38:C3:BB:99:4F:13:F8:FD:C2:40:B6:79:A6:4B:19:34:A1:B5
    MD5 Fingerprint = 5F:F5:C8:F2:20:37:8F:F8:8C:D0:21:AA:B3:0D:95:C4
    
    Jacobs University CA - G01
    SHA1 Fingerprint = DC:03:71:A5:4B:F8:56:A6:41:62:E2:57:08:0A:75:C0:B4:3B:A3:7C
    MD5 Fingerprint = 6D:A2:81:DE:20:25:AF:71:74:A5:0C:51:21:EC:93:D1
    
  3. Close the Certificate Viewer and tick all options.
  4. Press OK and that's it.

Apples Safari

To add the certificates to Apple Safari, we need to use the Keychain Access application which is shipped with Mac OS X.

To install the certificates system-wide, you need to follow these steps:

  1. Click the links to download the certificates
    • Click here to import the Deutsche Telekom Root CA 2
    • Click here to import the DFN-Verein PCA Global - G01
    • Click here to import the Jacobs University CA - G01
  2. Doubleclick on one of the downloaded certificate files. The Keychain Access application will be launched
  3. To check the certificate, click on the 'View Certificates' button on the left side of the dialog. A dialog with information about the certificate will pop up. Make sure the following values match:

    Deutsche Telekom Root CA 2
    SHA1 Fingerprint = 85:A4:08:C0:9C:19:3E:5D:51:58:7D:CD:D6:13:30:FD:8C:DE:37:BF
    MD5 Fingerprint = 74:01:4A:91:B1:08:C4:58:CE:47:CD:F0:DD:11:53:08
    
    DFN-Verein PCA Global - G01
    SHA1 Fingerprint = F4:C5:38:C3:BB:99:4F:13:F8:FD:C2:40:B6:79:A6:4B:19:34:A1:B5
    MD5 Fingerprint = 5F:F5:C8:F2:20:37:8F:F8:8C:D0:21:AA:B3:0D:95:C4
    
    Jacobs University CA - G01
    SHA1 Fingerprint = DC:03:71:A5:4B:F8:56:A6:41:62:E2:57:08:0A:75:C0:B4:3B:A3:7C
    MD5 Fingerprint = 6D:A2:81:DE:20:25:AF:71:74:A5:0C:51:21:EC:93:D1
    
  4. Select 'X509Anchors' from the 'Keychain' dropdownlist and press 'OK'.
  5. You will be asked to authenticate yourself. After that, the certificate will be installed system-wide.

Microsoft Internet Exporer

Should not be necessary

You do not have to import the certificates if your Microsoft Windows is updated regularly. The required certificates are already installed by Windows Update.

Install the certificates for single user

To install the certificates manually into Internet Explorer do the following:

  1. Click the links to download the certificates
    • Click here to import the Deutsche Telekom Root CA 2
    • Click here to import the DFN-Verein PCA Global - G01
    • Click here to import the Jacobs University CA - G01
  2. In Microsoft Internet Explorer, open the Windows Key Store: View -> Tools -> Internet Options -> Content -> Personal -> Certificates
  3. Import the Certificates you downloaded

This adds the certificates only for the current user

With this procedure you add the certificates only for the current user. The certificates have to be installed again for each user in your computer. Please follow the steps in the next section to install the certificates for all users on your computer

Install the certificates for all users

Be Careful!

The following instructions are only for experienced users. If you are not sure or you do not have any experience using the Microsoft System Console use the instructions to install the certificates for a single user

If you use more then one user account on your computer and you do not want to install the certificates for each user separately follow these instructions:

  1. Log in as an Administrator or with an user account with administrative privileges.
  2. Click the links to download the certificates
    • Click here to import the Deutsche Telekom Root CA 2
    • Click here to import the DFN-Verein PCA Global - G01
    • Click here to import the Jacobs University CA - G01
  3. Click the windows Start button and choose Run
  4. Type MMC, then hit Enter
  5. From the new window open the File menu and choose Add/Remove Snap-in...
  6. click the Add Button
  7. choose the certificates item from the listbox and click the Add Button
  8. choose the Computer Account radio button and click the Next Button
  9. choose the Local Computer radio button and click the Finish Button
  10. click the Close Button
  11. click the Ok Button
  12. expand the tree to view Trusted Root Certification Authorities node
  13. right click on the Trusted Root Certification Authorities
  14. find the All Tasks menu item then choose Import off that menu and click Next
  15. type in, or browse to certificate you want to insert and click Next
  16. verify that the radio box labeled Place all certificates in the following store is checked and that text box says Trusted Root Certification Authorities
  17. click Next and then Finish

At this point you should get a message saying the import was successful, and you can close the MMC window.

Google Chrome

Google Chrome uses the certificate store of the operating system, just like Microsoft Internet Explorer does. There is no need to install certificates.

Nokia S60 Phone

  1. Copy the above three certificate files onto the device, either by downloading from this teamwork web page, or by Active Sync.
  2. Rename all three files to end in .cer instead of .crt
  3. Open the file explorer on the device and tap each certificate file once, in the order the files are listed above: for each file, hit Save and a message will indicate that the certificate has been installed successfully.

Some phones strictly require the certificates in DER format. Here are the certificates in DER Format:

    • Click here to import the Deutsche Telekom Root CA 2 in DER Format
    • Click here to import the DFN-Verein PCA Global - G01 in DER Format
    • Click here to import the Jacobs University CA - G01 in DER Format

Windows Mobile 6

  1. Copy the above three certificate files onto the device, either by downloading from this teamwork web page, or by Active Sync.
  2. Rename all three files to end in .cer instead of .crt
  3. Open the file explorer on the device and tap each certificate file once, in the order the files are listed above: for each file, a message will indicate that the certificate has been installed successfully.

You can ensure the installation of the certificates in the Settings -> System -> Certificates. There will be one new Root certificate and two intermediate certificates.