|
SSL (Secure Socket Layer) provides an encrypted channel for communication and is used on some of the CUE web servers. These systems have a security certificate associated with them. In addition to creating a secure channel, SSL also allows the client (browser) to verify that it is connecting to the correct host, and not some imposter. The server's security credentials are used to do this.
When your client (browser) connects to the server, the server presents its credentials to your browser. Your browser may alert you to say that the certificate received from a CUE web server is unknown, or is signed by an unknown authority. It should also allow you to examine the certificate that has been presented to decide if you wish to trust it. The browser should show you the certificate's "Thumbprint". This value can be compared with the values in the table below for the server in question to confirm that you are connecting to the correct server. If you are satisfied that the certificate presented indeed matches the certificate for the desired server, then you can accept the certificate as authentic. You can then answer your browser's dialog to accept the certificate that was presented. If you wish, you can check the box that says to "remember this certificate..." which will prevent you from seeing this warning in the future for this particular server.
Alternatively, for CUE webservers, the certificates in use have all been signed by a JLab signing authority (cleverly called "JLabCA" and "JLabWinCA"). Security certificates have features that allow one certificate to be signed by another, lending the authority of the signing certificate to identify the signee. Additionally, browsers allow you to import certificates into your browser and indicate that you wish to trust all certificates signed by these certificates. If you import the JLabCA and JLabWinCA certificates into your client's Trusted Signers list, all of the certificates signed by the JLab signers will be trusted by your browser, and you will no longer receive warnings relating to any authentic CUE web servers.
You can import the certificate file for the JLab signers by clicking the link and following the directions provided by your client. Doing this will tell your browser to trust all certficiates signed by this certificate.
| System | Certificate | SHA1 Thumbprint |
|---|---|---|
| JLabCA | JLabCA.crt | ba:9c:b8:97:4e:8a:e1:62:c3:e4:be:92:a0:b1:a2:e2:38:4e:58:c7 |
| JLabWinCA | JLabWinCA.crt | 80:4d:65:da:73:ff:45:92:f3:09:29:36:43:5d:4c:ce:91:39:ad:2a |
| Voice Mail Server | avmss.crt | bd:da:0b:e1:72:01:6c:96:ec:12:76:c9:39:7e:8c:be:a3:27:57:0b |
This document is maintained by {helpdesk@jlab.org}
Copyright Jefferson Lab 2007