RIT Certificate Authority
The RIT Certificate Authority, created and maintained by ITS, provides a chain of trust for electronic communications. It forms the basis of a public key infrastructure for services (particularly those protected with SSL/TLS encryption) of value to the campus.
We recommend that all RIT-owned computers import and trust the RIT Certificate Authority. Importing the certificate for the RIT Certificate Authority (CA) allows your computer to accurately identify other certificates that are chained from it. Trusting the imported CA certificate avoids presenting dialogs to you when it encounters a service that has been signed by it.
The RIT CA certificates may be imported and trusted on your personal computer, as well.
Install the certificates and set up trust
We provide standalone installer-based tools for you to import and trust the RIT CA. These are the easiest methods of importing and trusting the relevant certificates, so we recommend you use these installers if you have administrator-level privileges on your computer.
The installers import multiple RIT CA certificates and set up trust for the RIT CA itself in the operating system’s default certificate store:
- On Windows, this store is used by the operating system and the Microsoft Internet Explorer Web browser.
- On Mac OS X, the store is used by most applications, including the Apple Safari Web browser. The certificate store is available through the Keychain Access utility.
The installers do not currently affect third-party applications that do not make use of the operating system’s certificate store. The most common example is the Mozilla Firefox browser.
|For this operating system and hardware …||Download and install this installer …|
|Microsoft Windows XP, Vista, and 7
(32 and 64 bit editions)
|RIT Certificate Authority installer for Windows
Executable MSI installer
|Apple Mac OS X 10.5 or 10.6
(PowerPC or Intel)
|RIT Certificate Authority installer for Mac OS X
Disk image with package installer
The installers above are suitable for use on your own computer as well as managed RIT-owned computers. However, Microsoft Windows computers bound to either the MAIN or FINANCE Active Directory domains already trust the certificates and do not need to run the Windows installer linked above.
Manually import and trust the RIT Certificate Authority
If you do not have a computer or device compatible with the installer tools above, you can manually import the RIT CA files. Operating systems and Web browsers typically provide a way to do this.
Importing the certificates and trusting the RIT CA manually is one way to set up the RIT CA in certain third-party applications, such as Mozilla Firefox, that do not use the operating system certificate store.
Download bundled certificates
Download the RIT Certificate Authority certificates as a single “p7b” bundle if the installers above do not work for your system or device. This method works with the Microsoft Internet Explorer Certificate Import Wizard, for example.
|For the certificate bundle …||Download this file …|
|RIT Certificate Authority
(trusted root and intermediates)
|RIT Certificate Authority bundle.p7b
Download individual certificates
Download the RIT Certificate Authority certificates as individual “DER” files if the bundle does not work. The individual certificates work better for use with the Keychain Access utility on Mac OS X systems, for example, and can be double-clicked in the Mac OS X Finder.
If you get only one of the files below, be sure to get the “RIT Certificate Authority.cer” file, as that is the most important one — it’s the root certificate that you will want to trust.
|For this certificate …||Download this file …|
|RIT Certificate Authority
|RIT Certificate Authority.cer
|ITS Certificate Authority
|ITS Certificate Authority.cer
|RIT AD Certificate Authority
|RIT AD Certificate Authority.cer
Contact us for help
To request desktop support, please contact the ITS Service Desk via
- Phone - (585) 475-HELP
- TTY - (585) 475-2810
- E-mail - firstname.lastname@example.org
- In person - Gannett Building, Room 7B-1113