Strategic and Practical FAQ -- Using Digital Certificates
Loading the CREN Root Certificate into Your Browser
Draft 1.7, August 5, 2001
1. What is the CREN root certificate?
The CREN root certificate is a digital document containing
the public key portion of the CREN self-signed certificate.
2. Why do I want to know how to load the CREN root into my browser?
You want to know how to load the CREN root into your browser
because it provides you with some control over which servers you authorize your
browser to interact with. Your browser comes preloaded with dozens of root
certificates in the Security Module. These certificates “certify” servers to
3. Is it hard to load the CREN root into my browser?
No. Downloading the CREN Root Certificate into your browser
is very straightforward, similar to installing a plug-in. Here is how to do it.
* At www.cren.net, click
on "Download the CREN Root to your Browser" link.
* The browsers handle the certificate loading and naming
slightly differently. Here is how they are different.
-In Netscape, the
browser checks to see if the CREN root is already in your browser. If it is
not, the browser presents a series of dialogue boxes that asks if you want to
install this certificate into your browser Security Module. After clicking
through the dialogue boxes, the Netscape browser presents a dialogue box that
allows you to create a “User Friendly" name for the certificate. (We
recommend that you use the name “CREN CA.”).
- In Internet Explorer, the browser also presents a series
of dialogue boxes. The one potentially
confusing dialogue box presents the choice of opening the certificate file from
the current location or saving it to disk.The recommended choice is to select the choice, ”Open this file….” and
click OK. Then click the"Install
Certificate" button in the next window.
4. How do I know if I have successfully downloaded the CREN root?
After you install the CREN CA root in your browser it
appears in your list of CA Signers. To
see the certificate, here is what to do.
click on the Security Icon in the toolbar, click Signers and find the CREN CA
in the list. You can then choose to"Verify" or "Delete" the certificate. An"Edit" button also allows you to
check to enable the use of this certificate for three purposes, certifying
network servers, certifying e-mail users, and certifying software developers.
- In Internet Explorer, click on Tools, Internet Options,
Content and Certificates and choose the Trusted Root Certification Authorities.
Look for the “Education and Research Client CA”.This is the name assigned to the CREN Root in IE.
To give it a “Friendly Name”, you would have
to click on the Details tab and choose Edit Properties.This is also where you will be able to
change the intended use of this certificate.
5. How do I know if I have downloaded the valid CREN root and not a bogus
Just as it is easy to see the CREN Root Certificate in your
browser after you have downloaded it, it is also possible to verify that the
certificate is the valid CREN root certificate. The way to do this is to check
its fingerprint or thumbprint against the publicly distributed one.
The browsers handle the
algorithms of the certificates differently. However, among the many possible combinations of browser and operating
systems that are possible, you should see one of the following thumbprints or
6. Is the thumbprint or fingerprint of the CREN root Certificate posted
The best way to ensure that bogus certificates do not
proliferate is to post the thumbprints/fingerprints of root certificates
broadly. Thus, the thumbprint /fingerprint of the CREN root are or will soon be
posted on other higher education sites.
7. Can I see screen shots of this process anywhere?
Yes. There are detailed step-by-step instructions with
screen shots for this process for Internet Explorer and Netscape posted at
8. Do users need the CREN root certificate installed in their browsers for
the access of JSTOR using digital certificates?
No, the JSTOR server will have the CREN root certificate
installed. Users will only need their digital certificate that has been issued
to them by their institution and their digital certificate password.
However, users may need the CREN root
installed in their browsers for using other web applications.
Please send comments/suggestions to