Certificates for Secure Services

Many of Brown CS's online services are being offered via the web. Many of these services come from secure web servers that limit access to authorized users and encrypt the data during transmission.

Certificates

Every secure web service has a unique security certificate that identifies the server and allows your browser and this server to create a secure connection. Brown CS employs two types of security certificates, those signed by an external entity and those signed by our own CA (Certificate Authority).

Externally signed certificates are used by servers providing services to people outside the department. These certificates are issued by a CA known to most browsers and, therefore, will be automatically trusted by the browsers. Unfortunately, these certificates are not free and must be renewed on an annual basis. If you are developing a web application intended for an outside audience, i.e. to facilitate a faculty search, Tstaff can help with the acquisition of a certificate. The certificates will be purchased through CIS, a process that can take some time. Please be sure to contact Tstaff at problem@cs.brown.edu with plenty of lead time, so we can ensure a timely delivery of the web certificate.

Brown CS signed certificates are used for services we provide that are only intended to be used by members of the Brown Community. These certificates are trusted after you tell your browser about the Brown CS CA.

The Brown CS CA

The Brown CS CA authenticates the certificate of the secure service to your browser or email client. Download the Brown CS CA here.

Secure Web Services

Mozilla/Firefox: Clicking the above link will produce a popup window asking you whether or not to trust the new CA. You can view the certificate to ensure it is issued by Brown University, Dept. of Computer Science. Once you have reviewed the CA, check all the boxes about trusting the certificate and click OK.

Internet Explorer: Clicking the above link will produce a popup window asking you what to do with the security certificate. Click on the "open" button, which will open a new certificate window. Review the certificate to ensure it is issued by Brown University, Dept. of Computer Science. Once you have reviewed the CA, click on the "install certificate" button. Accept the defaults, so the certificate is installed in your browser.

Secure Email Services

As with secure web services, secure email services make use of certificates to identify the servers to your email client. If you use a tightly coupled browser/email client, following the steps above to install the Brown CS CA into your browser will also update your email client. Widely used email clients that fall into this category include Mozilla Mail and Outlook. Instructions for other clients can be found here.

If you use a different email client, then you will need to import the Brown CS CA certificate. For instance, to import the certificate into the Thunderbird email client:

Importing the Brown CS CA into other email clients should follow a similar procedure outlined above for Thunderbird.

Importing CD Dept. certificates to an IPhone

The CS department makes heavy use of self-signed certificates. While the certificates are valid, they aren't signed against a well known entity, so the iPhone won't know about them automatically. If you are tired of being prompted to trust the certificates, then you can import the CS root certificate by:

  1. See the instructions above on how to download the CS root certificate.
  2. Email a copy of the certificate to yourself and open it in the mail app on the iPhone
  3. When you click on the attachment, the phone will ask you whether or not you want to install the certificate, click on Install
  4. Confirm you want to install it by clicking on Install Now