On this page:
Certificates are used to authenticate you to web services at MIT. Some sites use certificates directly and others as a way to authenticate with our Touchstone Authentication system. Certificates are a safe way for our web applications to identify you without you needing to type in your Kerberos username and password. Certificates expire once per year, creating the need to renew them at least this often. They must be installed on each browser for each device that you plan on using to access certificate-protected sites.
|If you have not changed your password in the past year, you will need to do so before you can get certificates. Certaid will give you an error saying you're not logged in if you need to update your password.
If your Windows computer is on the MIT domain and you are not on campus, please refer to this article about changing your password to make sure you will be able to log into your computer with your new password. For more information, see: Remote Domain Computers and Password Changes.
IS&T strongly recommends using CertAid to configure your certificates for Chrome, Internet Explorer, and Safari. CertAid manages the entire certificate setup procedure, giving you a more reliable installation experience. The setup procedure includes installing the MIT CA (Certificate Authority) as well as your personal certificate, optionally deleting old certificates, and setting the correct identity preferences via a single, graphical application.
|CertAid does not run on mobile devices (i.e., iOS and Android devices)|
CertAid will not install a Personal Certificate into Firefox
- Internet Explorer, Edge, & Chrome CertAid 2.2.6 for Windows
- Safari & Chrome: CertAid 2.2.6 for Mac
- Install and Delete MIT Personal Certificate in Firefox- For both Windows and macOS
- Installing Root and Personal Certificates on iOS
- Installing Root Certificates on Android When Firefox Fails to Generate a Private key
- Nexus Add & Remove Certificates
- Installing Certificates with Android 7.x or Higher
|IS&T Strongly Recommends Deleting Your Old/Expired Certificates|
Old certificates can confuse browsers and web-sites causing them to fail to authenticate you properly with your active certificates. The easiest way is to use Certaid (see above).
If you need to retain access to old user certificates, e.g., for access to encrypted mail, you should export them from your browser and save them for use with your legacy items.
- Delete MIT Personal Certificates in Chrome for Windows
- Delete MIT Personal Certificates for Safari or Chrome on Mac OS X
- Delete MIT Personal Certificates in Internet Explorer
- Delete MIT Personal Certificates in Firefox
- Test Your Certificate
- Troubleshooting Certificates in Internet Explorer (Windows)
- Troubleshooting Certificates in Safari (Mac OS X)
- Troubleshooting Certificates in Firefox (Windows, Mac OS X, and Athena/Linux)
- Firefox personal certificate error - Your browser failed to generate a key
- Google Chrome "Your browser failed to generate a key" error
- Certificate Not Valid Error - Certificate Test Fails
- Why is CertAid not responding on my computer?
- "A client certificate was invalid or not provided." - Mac error message
- What to do if a browser or App is prompting for a password after updating my certificate?
Send an email to the IS&T Service Desk or call us at 617 253-1101.