Frequently Asked Questions
UBC Mathematics: MathNet FAQ [MathNet Certificates]

UBC Mathematics: MathNet FAQ [MathNet Certificates]

Question: Where can I get/verify certificates used by MathNet SSL enabled services?
Author: Joseph Tam
Date: Apr 22, 2014

Right here. All our SSL enabled services (e.g. https://sites, remote mail protocols, etc.) will have their security certificates published here. You can either download them and install it into your certificate repository, or use the fingerprint information here to check that the certificates received by your browser or mail reader is authentic.

Self-signed vs CA-signed certificates

Our certificates comes in 3 flavours: self-signed, local CA signed, and third-party CA signed.

  • Self-signed: a stand-alone certificate that asserts its own authenticity. This is used for test sites and non-essential services. These certificates usually require users to acknowledge or accept the certificate when initially connecting to the service. Users can also manually store the certificate from here -- users should check the fingreprints of the certificate here before accepting them. These certificates will be phased out by the next 2 types.
  • Local CA signed: a certificate signed by our local CA certificate (see UBC MathNet CA below). Importing this local CA certificate into your certificate authority cache will allow your reader to automatically validate all service certificate signed by this local CA certificate. If you elect not to import our local CA certificate, you can still accept service certificates individually.
  • Third-party CA signed: same as above except the CA is a third-party authority -- usually a commercial company that is paid for their signing service. An advantage of these certificates is that they are automatically accepted by browsers and mail readers.


Third-party CA signed certificates usually do not have to be manually added. Self-signed and local CA certificates can be downloaded in one of two formats: DER format is usually acceptable to most systems, but some will recognize the CRT format. To install:

  • Some systems (e.g. Windows, MacOSX) recognize certificates by their filename extensions: you may be able to download and double-click on the certificate file to install them. This will usually allow the native browser (Safari, Explorer) to start using them. Third party software may require you to install them using their own procedure, like ...
  • Firefox manages its certificates from their menu: Preferences (or Options) -> Advanced -> Encryption -> View Certificates.


    • Download: [] [] (usually no need to pre-load)
    • Service: remote mail services and wiki
    • Type: third-party signed certificate
    • Validity: Apr 22 17:02:24 2014 - Sep 12 17:58:13 2018 GMT
    • Fingerprints:
      • (MD5) AE:71:E2:DF:5E:CD:7E:29:51:01:8F:EE:7C:67:90:D4
      • (SHA1) 2B:6C:52:1B:5E:C5:D4:D5:76:D2:B0:87:BA:9F:A2:F8:B2:91:72:97
  • UBC MathNet CA
    • Download: [math-ca.der] [math-ca.crt]
    • Service: used to sign other certificates.
    • Type: Local CA certificate.
    • Expires: Dec 31 10:55:17 2037 GMT
    • Fingerprints:
      • (MD5) 9F:42:0F:8D:ED:77:BC:B3:06:A7:45:96:64:D3:F0:07
      • (SHA1) 6F:F6:DC:D0:4B:4D:6E:08:B4:BD:35:62:C8:5C:B2:C4:A0:6C:8D:06