Securing Communications with SSL

Published: March 12th, 2012

Category: Computer Help, Remote Access

Overview

This document describes how to configure your computer for more secure communications with PHHP servers.

The College of Public Health and Health Professions uses technology call Secure Sockets Layer (SSL) to secure traffic to and from many of its servers. A critical piece of SSL is a specially crafted bit of data called a digital certificate or “cert”. It is used to identify a server and secure its communications. Each of our servers has one or more of these digital certificates.

Tying all of these digital certificates together is something called a root certificate or “root cert”. The root cert is used to sign all of the other digital certificates so as to say “these are legitimate certificates”. If you tell your web browser that you trust a given root cert, it will trust any certificate signed by that root cert. In this way you can reduce the number of security alerts you receive when visiting secure PHHP sites.

Installing the PHHP Certificate

Installing the PHHP Certificate is fairly straightforward. Click the link below and follow the instructions that follow for your web browser.

On Windows and Mac OSX systems as well as within some Linux systems, accepting the root certificate will make it available to many if not all programs that support SSL. For example Outlook, Firefox, and Internet Explorer all use the same list of digital certificates.

You will need to install the PHHP Root Certificate on each computer where you would like to use secure services. That said, you will only have to do this once on a given computer.

Install the PHHP Root Certificate

Internet Explorer on Windows

  1. Click on ‘Install the PHHP Root Certificate’.
  2. On the dialog box that appears, click on the “Open” button. (Windows XP will save the certificate file to disk first).If Internet Explorer tells says “This is an invalid Security Certificate file.”, save the file to disk, open Windows Explorer, double-click on the file and proceed.
  3. Click on the ‘Install Certificate…’ button in the window that opens.
  4. Accept the Certificate Installation Wizard’s defaults. Internet Explorer will offer many warnings that you should not accept this certificate, but you should.
  5. Repeat the above steps by clicking on ‘Install the UFL Root Certificate’ to install the UFL Root Certificate.

Mozilla/Netscape

  1. Click on ‘Install the PHHP Root Certificate’.
  2. On the dialog box that appears, check all three boxes:
    • Trust this CA to identify web sites.
    • Trust this CA to identify email users.
    • Trust this CA to identify software developers
  3. Click the “OK” button.
  4. Repeat the above steps by clicking on ‘Install the UFL Root Certificate’ to install the UFL Root Certificate.

Mac OSX (10.3 and higher) Keychain

  1. Download the Root Certificate and save it as a file
  2. Double click on the phhp-ca.crt file.
  3. Select X509 Anchors from the drop down list in the import window
  4. Click on the ‘Install Certificate…’ button.
  5. Repeat the above steps to install the UFL Root Certificate, changing the PHHP references where appropriate.

Eudora

  1. Download the Root Certificate and save it as a file
  2. Double click on the phhp-ca.crt file.
  3. Within Eudora select SSL. To do this, from the Personalities Window, Right Click on the Personality in question and select
          Properties -> Incoming Mail -> Last SSL Info
  4. Go to the Certificate Manager and select the SSL Certificate in question. Click Add to Trusted.
  5. Repeat the above steps to install the UFL Root Certificate, changing the PHHP references where appropriate.

Other browsers and programs

Other browsers and email programs may require similar but slightly different steps. Please see your product’s online help for assistance with importing a digital certificates.