The CSE department websites give me an error when I open them using HTTPS
Our department has a self-signed CA certificate. Most (if not all) of our services have certificates signed using this CA certificate.
Importing it as a trusted certificate should be enough. Firefox and Google Chrome on Linux use their own internal stores, and not the system-wide stores.
First, download the certificate: http://www.cse.iitb.ac.in/cse-cacert.crt [¹]
To import in Google Chrome:
- Go to the Settings, and search for certificate. Click on Manage certificates:
- Go to the Authorities tab, and click on Import:
- Navigate to the file you downloaded previously and select it. It will ask you which trust options should be enabled. Check at least the first option (identifying websites):
You're done! Now CSE HTTPS websites should be in green:
To import in Firefox:
Simply open the link in Firefox. It will detect it as a certificate and show you a dialog box similar to the one in step (3) above. Again, trust us for identifying websites. (Promise, we won't do anything nasty!)
To import in Ubuntu (for command line tools):
wget --no-proxy http://www.cse.iitb.ac.in/cse-cacert.crt
sudo mkdir -p /usr/local/share/ca-certificates
sudo cp cse-cacert.crt /usr/local/share/ca-certificates
sudo update-ca-certificates
¹ The more discerning amongst you may note that the link is not HTTPS, and is thus vulnerable. A more secure way would be to scp
the certificate from the mars.cse.iitb.ac.in (or any of the NSL/OSL lab systems):
scp mars.cse.iitb.ac.in:/usr/share/cse/cse-cacert.crt .
The HTTPS version of the link will work, but then you have the untrusted certificate error - so how can you trust it?