Install and Renew Certificates in Safari on Mac OS X 10.6

This page will guide you through the installation and renewal of certificates in Safari 4 on Mac OS X 10.6.

Install the MIT CA (Certificate Authority)

If you are viewing this page with Safari, click on the following link to download the certificate: MIT CA
Alternatively, paste the following URL into Safari: http://ca.mit.edu/mitca.crt.
Result: This downloads the file "mitca.crt" to Safari's default Downloads folder in the your home directory (unless you specified another default location).
Navigate in the Finder to userhome >> Downloads.
Double-click mitca.crt to open.
Keychain Access opens and prompts for where to store the certificate.
Select the System keychain and press OK
Enter your Mac OS X login password and click OK. You must have administrator privileges on the computer.

If you are not an administrator on the computer, you will receive the following message. You will need a user who is an administrator on the computer to install the CA.
You will be prompted to set the trust settings for the certificate. Click Always Trust.
Enter the Mac OS X login password.

Result: The MIT CA is added to the Keychain.

Navigate, in Safari, to https://ca.mit.edu/ca.
Enter your credentials and click Next.
On the page Generate a Private Key, leave the Key Size at the highest grade for your browser.
The Certificate Lifetime gives the default number of days until this personal certificate expires.
Click Next to accept the defaults.

Result: A confirmation page indicates that the certificate has been installed.

Navigate, in Finder, to Applications >> Utilities >> Keychain Access.
Double-click to open Keychain Access.
Select the login keychain, and then select My Certificates from the list in the lower pane.
If you do not have a list in the lower pane, with All Items, Certificates, Passwords..., press the button in the bottom left of the Keychain Access window. Your window should look like the image below:
Highlight any expired or duplicate certificates.
Follow the menu path Edit >> Delete, or press the delete key on your keyboard.
Result: A popup windows prompts to confirm deletion of the certificate. Click Delete.
Confirm that you have one, non-expired personal certificate.

Navigate in the Finder to Applications >> Utilities >> Keychain Access.
Double-click Keychain Access to open it.
Select the login keychain from the list in the top of the left pane.
In the Category section, select All items.
If you do not see a second list in the left pane, press the button at the bottom left corner of the Keychain access window.
Click the column label "Kind" to sort the items by kind.
Select to highlight all identity preferences. Your Keychain Access window should be similar to the following:
If you do not see any identity preferences listed, skip to the next section, Run CertAid.
Follow the menu path Edit >> Delete, or press the Delete key on your keyboard to remove the identity preferences.
When prompted, click Delete.

From Safari, click to download CertAid.
Alternatively, paste the following link into Safari: http://ist.mit.edu/services/software/certaid/10x.
When the download is complete, double-click the CertAid disk image to mount it.
Open a Finder window and select the disk MIT CertAid 1.0.2
Double-click the CertAid icon to launch the application.
When prompted, click Update List.
Enter your Kerberos username and click Set Certificate Preferences.

Result: Progress bar is displayed.
Click OK, then Close. For more information about CertAid, see the following page http://ist.mit.edu/services/software/certaid/10x

Not what you're looking for?