Home Team Releases Testing Participate Communications CertAid Introduction CertAid is a tool for Mac OS X that will fix certificate problems users may see with some MIT websites when running Safari on Mac OS X 10.5.4 or later. After renewing or getting a new personal certificate, users will need to update their settings by running CertAid again. [Back to top] Instructions Download CertAid. Double-click the disk image to mount it. Launch CertAid by double-clicking on the icon. Click Update List to download current list or websites to configure. Result: You should see a message confirming successful download. Enter your Kerberos username in the Kerberos Principal field. Click Set Certificate Preferences. If you have more than one personal certificate installed, you will be prompted to select which one to use. Select and click Choose. Result: You should see a message confirming successful creation of the certificate preferences. In the confirmation window, click OK. In the CertAid main window, click Close. [Back to top] Details 10.5.3 changed Safari's behavior so that the users are prompted to select a certificate before sending it to a web server. The first time a user makes this choice, an identity preference is set in the user's keychain, linking the certificate to that web page. Unfortunately, this change introduced a bug that prevented Safari from connecting to certain websites that required a personal certificate. Apple fixed this issue in 10.5.4, but instead of being prompted to select a certificate, the user must manually configure the identity preference for such website. CertAid simplifies this process by configuring identity preferences for a list of MIT websites that are known to be problematic. [Back to top]

Trouble Shooting

If after running this tool, you are still unable to connect to a website listed below, launch Keychain Access and delete any identity preferences that may be set for the website, then re-run CertAid.

[Back to top]

List of Website

Below is a list of website that CertAid will configure:

• Dspace (9/26/2008)
  • http://dspace.mit.edu
• Baker House (9/23/2008)
  • https://baker.mit.edu
• Physics Gradbook (9/10/2008)
  • https://gluonsandquarks.mit.edu
  • https://gluonsandquarks1.mit.edu
• Career-Fair (9/8/2008)
  • https://career-fair.mit.edu
• Department of Facilities Maps & Floor Plans (8/26/2008)
  • https://facilities-db.mit.edu
• GovConnection Personal Orders via ECAT3 (8/22/2008)
  • https://client.pcconnection.com
• Commuting Services (7/30/2008)
  • https://commuting.mit.edu
• Spamscreen (7/23/2008)
  • https://nic.mit.edu
  • https://nic-too.mit.edu
• JIRA (7/15/2008)
  • https://jira.mit.edu
• Library Proxy Servers (7/11/2008)
  • https://libproxy.mit.edu
• Scripts Server (7/11/2008)
• https://scripts.mit.edu:444
• https://scripts-cert.mit.edu
• SIPB (7/11/2008)
• https://xvm.mit.edu:443
• https://xvm.mit.edu:446
• Student Extended Insurance Plan (7/11/2008)
• https://www.universityhealthplans.com/mit
• Student Information Systems (7/11/2008)
• https://sisapp.mit.edu
• https://mitsis-sso.mit.edu
• Web Servers (7/8/2008)
  • https://web.mit.edu
  • https://wserv.mit.edu
• VOIP (7/8/2008)
  
  • https://voip.mit.edu
  • https://sylantr.mit.edu
• Wiki Server (7/8/2008)
  • https://wikis.mit.edu
• TechTime Calendar (7/8/2008)
  • https://calendar.mit.edu:444
• Request Tracker (7/8/2008)
  • https://help.mit.edu
• SAPWeb (7/8/2008)
  • https://sapndi-prd0.mit.edu
    
  • https://ps1its.mit.edu
  • https://insidemit-apps.mit.edu
• Stellar (7/8/2008)
  • https://stellar.mit.edu
• ECAT3 (7/8/2008)
  • https://solutions.sciquest.com/apps/Router/ExternalAuth/Certificate/MIT
• Citrix (7/8/2008)
  • https://citrix.mit.edu
• Mailing Lists (7/8/2008)
  • https://mailman.mit.edu:444

To request that a website or URL be added to this list, contact swr-core@mit.edu.

[Back to top]

Change Log

1.0.2

• In order to setup identity preferences for newly installed certificates, all existing IPRFs are created on each run, even if they already exist.
• Includes several new URLs in default list.
• Version numbers now correctly reflect current version in app and in Finder.
• Made several minor UI tweaks.

1.0.1

• Added code to update settings file from remote location at launch.
• Updated SiteSettings.plist to include preference for remote location (URL).
• Changed behavior to create IPRFs for 2 versions of each domain: one with and one without a trailing slash. Either format is acceptable in SiteSettings.plist, but only one is needed. CertAid will generate the other automatically.
• Changed error messages to be less confusing.
• Added progress indicator while IPRFs are being created.
• Spun IPRF creation code off into separate thread to keep progress bar running smoothly.

1.0

• Intitial Public Release

[Back to top