Adding the MIT Certificate Authority

While not strictly necessary for client authentication, most MIT users will want to add the MIT CA to the list of trusted CAs. You may also want the CSAIL CA (specifically, the Master CA). On Windows or Mac OS X, downloading the file and opening it should be sufficient. If you've already configured this for Internet Explorer or Safari, respectively, you may skip this step; Chrome uses the system certificate store.

On Linux, however, Mozilla Firefox uses a private certificate store instead of the system NSS one. There is no system interface for adding certificates, but recent versions of Chrome provide one. Download the MIT or CSAIL CA linked above. Then press the wrench and go to Settings | Advanced Settings | Manage Certificates. Under the Authorities tab, press Import... and select the certificate you just downloaded.

You can also use the NSS command-line tools to manage your certificates. If you're running Ubuntu or Debian, install the package libnss3-tools. To trust the MIT CA for SSL, download the file and run

certutil -d sql:$HOME/.pki/nssdb -A -t "C,," -n "MIT CA" -i path/to/mitca.crt

For more information, see Mozilla's documentation on certutil.

Enrolling in and Using Client Certificates

As of Chrome 7, the standard workflows should work without workarounds. Visit the usual web interface and follow the instructions to install certs normally. You can check your work with this demo page. If everything is working, it should welcome you by name, and tell you that a certificate for your username is installed.

Using a Smart Card or Other Password-Protected Certificate Store

While NSS does allow you to configure your certificate store to use smart cards or protected by a password, Chrome does not support this yet. Star bug #42073 to receive updates.