C-Line Key Route Train

What Are Server Certificates

When you visit a secure web site, your web browser checks the site's credentials based on information contained in it's server certificate. Generally, that certificate is issued by one of a handful of Certificate Authorities which have made deals with web browser manufacturers to be 'trusted'. They are trusted by having their root certificate installed in your web browser.

These trusted Certificate Authorities can then tell you wether a site is who it claims to be. This is sort of like a liquor store trusting your state issued Driver's license to have the correct age. It is possible that your Student ID card has your age, but the liquor store probably won't accept it...they may not have even heard of your school, let alone know that they IDs are secure and hard to alter. A root certificate is like the liquor store having examples of IDs and assurances that the IDs are hard to alter.

Why isn't Keyroute.net's Trusted

Because there are very few root certificates installed in web browsers by default, Certificate Authorities can charge pretty much anything they want. For keyroute.net, I decided to use a non-profit organization to provide my certificate. Keyroute.net members can easily install a new root certificate in their browsers and then not have to worry.

Installing the Certificate

Safari (Mac OS X)
  1. Download the certificate from CA Cert.
  2. Go to the CA Cert Root Certificate Fingerprint Page.
  3. Double click on the file cacert.crt which you just downloaded
  4. In the 'Add Certificate' Keychain dialog box, choose the 'X.509 Anchors' keychain and click OK.
  5. Verify that the fingerprints match
  6. Enter your administrator password when asked
  7. Re-Start Safari
Explorer (Windows)
  1. Download the certificate from CA Cert.
  2. Go to the CA Cert Root Certificate Fingerprint Page.
  3. Choose 'Open' then 'Install Certificate' once you have selected what you downloaded
  4. Verify that the fingerprints match and then approve the certificate addition
  5. Re-Start Internet Explorer
There is an annoying bug with Explorer. You are required to add a password to add a certificate and then the first visit to a secure site every browser session you will be asked for your password. If you still want to do this, follow these directions.
  1. Control click this certificate link to 'Download Link to Disk'
  2. Rename the file cacert.cer (instead of .der)
  3. Within Internet Explorer, go to CA Cert to view the IE Thumbprint
  4. Choose 'Open File' from the 'File' menu and select the cacert.cer file you downloaded
  5. If the thumbprint shown matches that on the CACert page, then check the appropriate boxes and choose 'Accept'
  6. You will be asked to add a password (twice, then you will be asked for it to add the certificate)
  7. Restart Internet Explorer

Directions for other browser can be found on CA Cert's Root Certificate page.