Frequently Asked Questions
UBC Mathematics: MathNet FAQ [MathNet Certificates]


UBC Mathematics: MathNet FAQ [MathNet Certificates]



Question: Where can I get/verify certificates used by MathNet SSL enabled services?
Author: Joseph Tam
Date: Dec. 05, 2011

Right here. All our SSL enabled services (e.g. https://sites, remote mail protocols, etc.) will have their security certificates published here. You can either download them and install it into your certificate repository, or use the information to check that the certificates received by your browser or mail reader is authentic by confirming that the fingerprints match.

Self-signed vs CA-signed Certificates

Our certificates comes in two flavours: self-signed and CA signed. Our older certificates are self-signed, and require no other certificates to validate them, but they only are valid for a specific service. You can import them directly into your browser's or mail reader's certificate repository. Self-signed certificates will no longer be generated for new services or web sites; all future service certificates will be signed using our local CA certificate.

All new certificates issued by MathNet will be validated by signing them with with our local CA certificate (see UBC MathNet CA below). Importing this local CA certificate into your certificate authority cache will allow your reader to automatically validate any service certificate signed by that local CA certificate. If you elect not to import our local CA certificate, you can still accept service certificates individually.

Installation

Certificates can be download in of of two formats: DER format is usually acceptable to most systems, but some will use the CRT format. To install:

  • Some systems (e.g. Windows, MacOSX) recognize certificates by their filename extensions: you may be able to download and double-click on the certificate file to install them. This will usually allow the native browser (Safari, Explorer) to start using them. Third party software may require you to install them using their own procedure, like ...
  • Firefox manages its certificates from their menu: Preferences (or Options) -> Advanced -> Encryption -> View Certificates.

Certificates

  • UBC MathNet CA [math-ca.der] [math-ca.crt]
    • Service: used to sign other certificates.
    • Type: Local CA certificate.
    • Expires: Dec 31 10:55:17 2037 GMT
    • Fingerprints:
      (MD5) 9F:42:0F:8D:ED:77:BC:B3:06:A7:45:96:64:D3:F0:07
      (SHA1) 6F:F6:DC:D0:4B:4D:6E:08:B4:BD:35:62:C8:5C:B2:C4:A0:6C:8D:06

  • www.math.ubc.ca [www.der] [www.crt]
    • Service: our department web site including MathNet User Services.
    • Type: signed by UBC MathNet CA.
    • Expires: Dec 5 00:38:08 2016 GMT
    • Fingerprints:
      (MD5) 1B:B1:28:C1:1A:C2:6E:EF:F2:3B:C5:E3:AD:23:86:C4
      (SHA1) A8:49:4A:F9:94:83:AB:53:1C:FF:4F:A9:41:CD:5A:AD:39:BE:AF:EE

  • www.math.ubc.ca [expired] [www-expired.der] [www-expired.crt]
    • Service: our department web site including MathNet User Services.
    • Type: self-signed certificate.
    • Expires: Nov 5 21:30:52 2011 GMT
    • Fingerprints:
      (MD5) AA:7E:77:76:8E:15:C8:09:39:4D:72:EB:4B:BA:F2:10
      (SHA1) EB:34:0E:06:99:9E:7B:6C:5B:41:5B:FE:FD:FB:56:37:72:5E:F8:C2

  • secure.math.ubc.ca [secure.der] [secure.crt]
    • Service: our internal web site.
    • Type: self-signed certificate.
    • Expires: Oct 6 01:36:47 2031 GMT
    • Fingerprints:
      (MD5) 8C:9D:B0:14:EE:C9:5B:FB:23:B9:76:F0:A1:6E:AB:BC
      (SHA1) 9A:28:24:D8:63:6B:8D:84:BF:90:DB:77:24:96:C8:1B:59:71:E6:9C

  • webmail.math.ubc.ca [webmail.der] [webmail.crt]
    • Service: our webmail facility.
    • Type: self-signed certificate.
    • Expires: Oct 29 18:08:31 2029 GMT
    • Fingerprints:
      (MD5) 27:57:76:5D:ED:61:E5:89:5F:75:20:19:7B:BC:8E:A6
      (SHA1) 1D:12:2E:E1:55:0F:F6:12:B8:BD:8D:D9:09:C9:4A:90:E7:A1:68:0D

  • pop.math.ubc.ca [pop.der] [pop.crt]
    • Service: POP3 remote mail service.
    • Type: self-signed certificate.
    • Expires: Jun 2 02:34:38 2031 GMT
    • Fingerprints:
      (MD5) 8D:DB:3E:E7:4B:D8:7C:FE:99:CA:F8:F8:4C:03:22:4B
      (SHA1) 8E:4A:F8:90:69:BC:97:B7:E2:7A:56:43:E3:AF:E1:17:A4:7C:3D:6B

  • imap.math.ubc.ca [imap.der] [imap.crt]
    • Service: IMAP remote mail service.
    • Type: self-signed certificate.
    • Expires: May 26 00:28:06 2029 GMT
    • Fingerprints:
      (MD5) AA:DA:A1:4A:D3:BD:6B:99:FD:15:42:F9:16:7E:C5:21
      (SHA1) 23:F0:69:42:2F:43:A8:30:20:6D:AD:88:42:05:82:EC:88:5F:E2:8E

  • mailhost.math.ubc.ca [mailhost.der] [mailhost.crt]
    • Service: Authenticated mail relay (outgoing).
    • Type: self-signed certificate.
    • Expires: Jun 5 00:09:31 2032 GMT
    • Fingerprints:
      (MD5) E7:ED:7C:79:15:41:7F:4D:0A:E0:59:60:43:D0:41:B8
      (SHA1) 7C:29:9C:2A:47:51:76:D5:27:98:04:9E:C2:CC:14:F5:4B:C3:C0:D5

 
Top