Redirection Notice
This page should redirect to MIT SECURE Wireless Certificate Fingerprints.

MIT Secure Wireless Certificate Fingerprint

The certificates used to authenticate MIT kerberos account holders to the MIT secure wireless networks (MIT SECURE) were changed on the 4th of June 2017.

As a result, computers connecting to the MIT secure wireless networks after the switch may receive a prompt to trust a new certificate before completing the connection.

Users should only receive the prompt once or twice. If you continue receiving the prompt, please contact the IS&T Service Desk.

Answer

It is important to verify that the server name (in this case "wireless-radius-1.mit.edu" and "wireless-radius-2.mit.edu") as well as the certificate signing authority (in this case "GeoTrust SSL CA") match before continuing. If they do not match, do not continue to connect and contact the IS&T Help Desk.

Cyber criminals may attempt "man-in-the-middle attacks" by creating fraudulent wireless networks made to look like MIT SECURE. Fraudulent networks won't present the correct certificate(s). You can verify the correct certificates by looking at the fingerprints.

Current as of June 5th 2017
oc11-wireless-radius-1.mit.edu or w92-wireless-radius-1.mit.edu
Signed by InCommon Server CA with a root CA of AddTrust External CA Root.
Fingerprints:
SHA-1: 50 1A 0D 30 FE E6 00 E5 25 15 68 22 9B FE F8 B2 5A BE 2D 1B
SHA-256: 65 96 6C 4F FB BD 16 71 FF F6 B3 FA EF 9F 26 2E CF 97 E9 97 32 93 DF 45 8B 09 44 D0 8F 80 AE 7E

wireless-radius-2.mit.edu
~~91 A2 98 D0 98 4E 0A 59 E1 4A CD B4 9F F4 26 A2 44 25 E4 86~~
Signed by GeoTrust SSL CA.