On this page:
Follow these steps to install/renew your certificates for use in Safari and Chrome on Mac OS X 10.10 and newer.
|CertAid will not successfully install on versions prior OS X 10.10|
- Download and launch CertAid.
Note: Install any updates if prompted. If you receive a message that states "Certaid can't be opened because the identity of the developer cannot be confirmed", please go to this link: Mac OS X - Identity of developer cannot be confirmed
Result: The Welcome to CertAid screen is displayed.
- Select Request or renew an MIT certificate and click Continue.
Result: The Verify Your Identity screen is displayed.
- Enter your Kerberos username and Kerberos password, select your two-factor (Duo) authentication option, and click Continue.
Result: If you used the "Duo Push," "SMS Passcode" or "Call Me" option, you will receive a push notification or call. If you used a Duo or Yubikey passcode, proceed to step 5.
- Complete your Duo two-factor authentication by accepting the push or entering the code you're given by SMS or phone call.
Result: The Request Certificate screen is displayed.
- Enter a Certificate Life, or leave the default value (the maximum certificate life), and click Continue.
Note: Most users should accept the default value.
Result: The Install Your Certificates screen is displayed.
Note: If CertAid finds one or more existing certificates, you will be asked if you want to delete them. If you have used S/MIME for email encryption, do not delete your certificates. For more information, see Should I Delete My Old or Expired Personal Certificate?.
Note: If you are prompted for a keychain password on each certificate added during this step (not just once or twice), manually remove all mit.edu trusted site entries from the users keychain and try again.
- The Install Your Certificates window displays the progress of installing the MIT Certificate Authority and your personal certificate. Once these steps are completed, click Continue.
Result: The Identity Preferences screen is displayed.
- The Identity Preferences window displays the progress of configuring your personal certificate to work with certain certificate-protected MIT websites. Once completed, click Done.
Result: CertAid quits.
- The first time you attempt to use your new certificate, you will see this prompt. Click Always Allow. If prompted for a password, enter the logon password for the MacOS user account.
You must select Always Allow, otherwise this prompt will continually recur. This is often mistaken for a failed password entry attempt, but it is the expected behavior when Allow is clicked instead of Always Allow.