Certificates Landing Page

On this page:

Overview

Certificates are used to authenticate you to web services at MIT. Certificates are a safe way for our web applications to identify you without you needing to type in your Kerberos username and password. Certificates expire once per year, creating the need to renew them at least this often. They must be installed on each browser for each device that you plan on using to access certificate-protected sites.

Get Certificates

If you have not changed your password in the past year, you will need to do so before you can get certificates. Certaid will give you an error saying you're not logged in if you need to update your password. If your Windows computer is on the MIT domain and you are not on campus, please refer to this article about changing your password to make sure you will be able to log into your computer with your new password. For more information, see: Remote Domain Computers and Password Changes.

Android

• Installing Certificates on Android

iOS

• Installing Root and Personal Certificates on iOS

Using CertAid (Windows and Mac)

IS&T strongly recommends using CertAid to configure your certificates for Chrome, Safari, and Firefox 90 and above. CertAid manages the entire certificate setup procedure, giving you a more reliable installation experience. The setup procedure includes installing the MIT CA (Certificate Authority) as well as your personal certificate, optionally deleting old certificates, and setting the correct identity preferences via a single, graphical application.

CertAid does not run on mobile devices (i.e., iOS and Android devices)

• Change your password
• Reset forgotten password
• Install/Renew Certificates with CertAid

Windows

• Edge, Chrome, and Firefox 90+: CertAid 2.2.6 for Windows

  Microsoft Edge needs to at least be installed on the Windows machine in order to fully run.

MacOS X

• Safari, Chrome, and Firefox 90+: CertAid 2.2.6 for MacOS

Other

• Manually Install and Delete MIT Personal Certificate in Firefox- For both Windows and MacOS

Deleting Old Certificates

IS&T Strongly Recommends Deleting Your Old/Expired Certificates Old certificates can confuse browsers and web-sites causing them to fail to authenticate you properly with your active certificates. The easiest way is to use Certaid (see above).

If you need to retain access to old user certificates, e.g., for access to encrypted mail, you should export them from your browser and save them for use with your legacy items.

• Delete MIT Personal Certificates in Chrome for Windows
• Delete MIT Personal Certificates for Safari or Chrome on Mac OS X
• Manually Delete MIT Personal Certificates in Firefox

Troubleshooting

• Test Your Certificate
• Certificate Not Valid Error - Certificate Test Fails
• [Why is CertAid not responding on my computer?]
• "A client certificate was invalid or not provided." - Mac error message
• What to do if a browser or App is prompting for a password after updating my certificate?

For More Information

• What is an MIT personal web certificate?
• What is stored in an MIT Personal Certificate?
• MIT Sites That Require Certificate Authentication

Still Need Help?

Send an email to the IS&T Service Desk or call us at 617 253-1101.