Access Keys:
Skip to content (Access Key - 0)

Set Firefox and-or Internet Explorer to prompt for a password for certificate-protected pages

Question

How can I set Firefox and/or Internet Explorer to prompt for a password before presenting my certificate to a certificate-protected page?

Answer

Firefox:

  1. Follow the menu path Tools > Options
  2. Select the Security tab
  3. In the Passwords section, select Use a Master Password

Internet Explorer:
The security level is locked to a certificate when the certificate is imported, so to set a password it is necessary to export a backup copy of your certificate, then delete your certificate, then import from the backup using "high" security settings.

The following outline lays out key points and important decisions, but is not a full step-by-step guide:

  1. Launch certmgr.msc
  2. Go to the folder Personal > Certificates
  3. Export:
    1. Right-click your certificate to open its context menu, and choose the action All Tasks > Export...
    2. On the second page of the Certificate Export Wizard, be sure to choose "Yes, export the private key"
    3. When prompted, enter a password to protect the export file.
    4. Save the file somewhere easy to find, like your Desktop.
  4. Delete:
    1. Back in the Certificates Manager (certmgr.msc), right-click your certificate and choose the action "Delete"
  5. Import:
    1. From the Action menu, choose "All Tasks > Import..."
    2. Find the PFX file that you saved to your Desktop. Note that Open dialogue is filtered to show .cer/.crt files by default, so you will want to change the filter to show .pfx/.p12 files.
    3. When prompted, enter the password that protects the export file.
    4. Be sure to turn on the checkbox to "Enable strong private key protection."
    5. Optional, you can choose to mark the key as exportable.
    6. When you finish the import wizard, you will be given an opportunity to "Set Security Level"
      1. Set to "High"
      2. In the "password for:" box, you can enter a friendly name such as MIT Personal Certificate (the default name is CryptoAPI Private Key)/
      3. In the "password" box, enter a special password for the certificate (not your kerberos password)
  6. Cleanup:
    1. Verify that IE can use your newly imported certificate to authenticate to MIT certificate-protected web pages.
      1. For example, click "Test your certificate" on the IST Certificate Test Page
    2. Remove the PFX backup file that was saved to your Desktop.

IS&T Contributions

Documentation and information provided by IS&T staff members


Last Modified:

July 19, 2012

Get Help

Request help
from the Help Desk
Report a security incident
to the Security Team
Labels:
c-certificates c-certificates Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.
Feedback
This product/service is:
Easy to use
Average
Difficult to use

This article is:
Helpful
Inaccurate
Obsolete
Adaptavist Theme Builder (4.2.3) Powered by Atlassian Confluence 3.5.13, the Enterprise Wiki