The University of St Andrews Certificate Authority
What is a digital certificate?
A digital certificate is electronic accreditation that establishes your credentials when doing business or other transactions on the Web. It contains your name, a serial number, expiration dates, a copy of the certificate holder's public key (used for encrypting messages and digital signatures), and the digital signature of the certificate-issuing authority so that a recipient can verify that the certificate is real. Some digital certificates conform to a standard, X.509. Digital certificates can be kept in registries so that authenticating users can look up other users' public keys.
What is a Certificate Authority?
A Certificate Authority (CA) is a trusted third-party organisation or company that issues digital certificates. The CA guarantees that the holder of the digital certificate is who/what they say they are.
Why use encryption?
If data transferred between Web browsers and Web sites is not encrypted, then anyone intercepting it during transmission will be able to read it. In most cases this is not a serious problem, since the nature of the Web is such that most of the information available on it is meant to be public. However, a substantial and increasing amount of Web traffic is now private or confidential; for example, student information downloaded from the Data Warehouse, passwords supplied to services such as HotMail and credit card details given to e-commerce sites. It is very important that such data is encrypted during transmission in case someone is snooping. The most common method of encrypting data uses the protocol SSL (Secure Sockets Layer); Netscape Navigator, Firefox, Opera, Mozilla and Internet Explorer all support this protocol.
What is an SSL certificate?
An SSL Certificate consists of a public key and a private key. The public key is used to encrypt information and the private key is used to decipher it. When a browser points to a secured domain, an SSL handshake authenticates the server and the client and establishes an encryption method and a unique session key. As part of this process the Web site presents a digital certificate to the browser. This certificate is proof of identity of the site and will have been issued to it by a trustworthy Certificate Authority (CA). The browser and the Web site can then begin a secure session that guarantees message privacy and message integrity. Digital certificates can be said to have been digitally signed by the Certificate Authority that issued them, just as, in the paper world, degree and marriage certificates are signed by real persons.
How does your browser accept server certificates?
When your browser is presented with a server certificate by a web site it will accept it provided that it recognises the Certificate Authority that issued it. Netscape Navigator and Internet Explorer both come pre-configured with details of major Certificate Authorities that are frequently used to issue server certificates. Thus when you order a book from Amazon or book a flight with EasyJet your browser will accept the certificates presented by these sites since they have been issued by one of these authorities. You will almost certainly be unaware that this has happened.
If the CA who issued the certificate is not one of those that are known to your browser then an alert message will be displayed. You will then be given the option of confirming that you accept the certificate so that the connection can be established. You should view the details of the certificate and satisfy yourself that it has been issued by a trustworthy Certificate Authority before doing this.
The University is developing its intranet and is making increasing use of secure Web servers. As the secure servers are for internal use by staff and students, IT Services is at present issuing its own server certificates. In order that your browser will treat these certificates in the same way as those issued by major Certificate Authorities, you must configure your browser to accept the certificate issued by IT Services as a valid Certificate Authority. You should bear in mind that IT Services is not yet an official Certificate Authority, so there are circumstances under which you might find that your browser queries the authenticity of the certificates that it has issued.
The current St Andrews certificate authority was issued on 22 September 2005 and is valid until 20 September 2015.
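The trust decision described in this section, as an added example (not code from IT Services or the original page): a private CA signs a server certificate, and `openssl verify` rejects it until the CA certificate is added to the trust store. All names (Example Internal CA, intranet.example.test) are constructed, the OpenSSL command-line tool is assumed to be installed, and only the chain of trust is checked, not the host name.

```bash
#!/bin/sh
# Constructed demo; every name below is hypothetical, not a St Andrews value.

# new_ca DIR NAME CN: create a self-signed CA certificate DIR/NAME.pem.
new_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/O=Example/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# issue_server DIR CA CN: have CA sign a server certificate DIR/server.pem.
issue_server() {
  openssl req -newkey rsa:2048 -nodes -subj "/O=Example/CN=$3" \
    -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$1/server.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
    -CAcreateserial -days 7 -out "$1/server.pem" 2>/dev/null
}

# check_trust STORE CERT: "trusted" if CERT chains to a CA in STORE, else "untrusted".
check_trust() {
  if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
    echo trusted
  else
    echo untrusted
  fi
}

# show_details CERT: the fields to inspect before accepting an unknown issuer.
show_details() {
  openssl x509 -in "$1" -noout -issuer -subject -enddate -fingerprint -sha256
}

demo() {
  d=$(mktemp -d) || return 1
  new_ca "$d" public "Example Public CA" || return 1      # CA the browser ships with
  new_ca "$d" internal "Example Internal CA" || return 1  # CA run by the IT department
  issue_server "$d" internal "intranet.example.test" || return 1
  cp "$d/public.pem" "$d/store.pem"                  # browser's default trust store
  echo "before install: $(check_trust "$d/store.pem" "$d/server.pem")"
  show_details "$d/server.pem"
  cat "$d/internal.pem" >> "$d/store.pem"            # user installs the internal CA
  echo "after install:  $(check_trust "$d/store.pem" "$d/server.pem")"
  rm -rf "$d"
}

demo
```

Comparing the SHA-256 fingerprint printed by `show_details` for a CA certificate against a value obtained from the issuer through a separate channel is the command-line equivalent of viewing the certificate details before accepting it.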
Configuring your browser to accept the St Andrews certificate
The following links explain how to install the St Andrews certificate on Windows XP, Windows 2000 and Macintosh OSX computers. If you use more than one browser you must install the St Andrews certificate for every browser you use.
The current version of Microsoft Internet Explorer available for use on a Macintosh computer (version 5.2) is incompatible with the St Andrews University certificate. If you use a Mac please use Firefox, Netscape, Opera or Safari instead.
