Get an MIT certificate


      

      

Your new certificate will be saved as a PKCS #12 archive encrypted with your specified download password. You can then import this *.p12 file into your favorite browser.

Browser instructions: on Open the downloaded *.p12 file, and follow the steps of the Certificate Import Wizard. Save the *.p12 file, then import it at Settings → Advanced → Manage certificates → Your Certificates → Import. Save the *.p12 file, then import it at Options → Advanced → Certificates → View Certificates → Your Certificates → Import. Save the *.p12 file, then import it at Preferences → Advanced → Certificates → View Certificates → Your Certificates → Import. Open the downloaded *.p12 file, and follow the prompts to install your certificate. Open the downloaded *.p12 file, and follow the prompts to add your certificate to the login keychain.

How does this work?

This uses the forms provided on ca.mit.edu and ca.csail.mit.edu to obtain certificates and let you to download and import them, even if your browser lacks <keygen> support.

As a workaround for the absence of CORS headers on these servers, CertAssist uses a JavaScript TLS library to make an end-to-end encrypted and authenticated HTTPS connection to them. The encrypted connection is relayed over a WebSocket proxy on this server that does not need to be trusted (but is itself encrypted anyway, because it might as well be).

The downloaded certificate file is delivered from the client side using createObjectURL, a data URL, or msSaveOrOpenBlob, depending on browser support.

This design ensures that your private information is only visible to your browser and ca.mit.edu or ca.csail.mit.edu, and is not exposed to this server.