Access Keys:
Skip to content (Access Key - 0)

Certificates Landing Page

On this page:


Certificates are used to authenticate you to web services at MIT. Some sites use certificates directly and others as a way to authenticate with our Touchstone Authentication system. They are a safe way for our web applications to identify you without you needing to type in a username and password. Certificates expire once per year, creating the need to renew them at least this often. They must be installed on each browser for each computer that you plan on using to access certificate-protected sites.

Get Certificates

Using CertAid (Recommended)

IS&T strongly recommends using CertAid to configure your certificates for Chrome, Internet Explorer, and Safari. It manages the entire certificate setup procedure, giving you a more reliable installation experience. The setup procedure includes installing the MIT CA as well as your personal certificate, optionally deleting old certificates, and setting the correct identity preferences via a single, graphical application.

CertAid does not run on mobile devices (i.e., Safari)

If you have not changed your password in the last year, you will need to do so before you can get certificates. Certaid will give you an error saying you're not logged in if you need to update your password.


Mac OS X

Without CertAid

  1. Go to MIT's certificate server website to get the certificates.
    Landing page for certificate server website.
  2. Enter your Kerberos username, password, and MIT ID, then click Next.
  3. The next page will have settings related to the security key. Leave the default values and click Next.
    Second page of MIT's certificate website
  4. The certificate will be installed by the browser.
    • If on Chrome, a bar at the top of the page will appear saying "Successfully stored client certificate issued by Massachusetts Institute of Technology". This means that the personal certificate from MIT has been installed in your browser.
    • If on Firefox, a popup saying "Your personal certificate has been installed" will appear. Click OK to continue.
  5. Click on the link where the website says "Click to install the MIT Certificate Authority". This will download file called "mitca.crt".
    Third page of MIT's certificate website
  6. Click on the downloaded file. This will open a window. Click Import to complete the certificate setup.

Mobile Devices

Deleting Old Certificates

IS&T Strongly Recommends Deleting Your Old/Expired Certificates
Old certificates can confuse browsers and web-sites causing them to fail to authenticate you properly with your active certificates.

If you need to retain access to old user certificates, e.g., for access to encrypted mail, you should export them from your browser and save them for use with your legacy items.


For More Information

Still Need Help?

Send an email to the IS&T Service Desk or call us at 617 253-1101.

IS&T Contributions

Documentation and information provided by IS&T staff members

Last Modified:

March 03, 2020

Get Help

Request help
from the Help Desk
Report a security incident
to the Security Team
c-certificates c-certificates Delete
certificates certificates Delete
certificates_at_mit certificates_at_mit Delete
certificate certificate Delete
install_certificates install_certificates Delete
remove_certificates remove_certificates Delete
renew_certificates renew_certificates Delete
ie ie Delete
internet_explorer internet_explorer Delete
firefox firefox Delete
safari safari Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.
This product/service is:
Easy to use
Difficult to use

This article is:
  1. Dec 20, 2018

    For KB's on the newer versions of Certaid Please see these.

    CertAid 2.2.5 for Windows

    CertAid 2.2.5 for Mac

Adaptavist Theme Builder (4.2.3) Powered by Atlassian Confluence 3.5.13, the Enterprise Wiki