Installing the Caltech Certificate Authority Root Certificate

The Caltech Certificate Authority Root Certificate can be obtained via download from

Be sure to choose the DER format for all versions of Internet Explorer and recent versions of FireFox, otherwise choose the PEM format for old versions of Firefox and Safari.

Browser Installation

Screenshot Instructions for Firefox

Browse to

Click on the "here" link related to the DER format depicted in the page shown in the screenshot above.

Check the selections as depicted in the screenshot above and click OK. The cert is installed!

Older Firefox

Note for security reasons you should never be using versions of FireFox older than the most recent.

Proceed to the Preferences menu, then click the Security tab.

Click the View Certificates tab, then the Authorities tab.

Click the Import button.
Browse to where you saved the certificate file, select it, then click the Open button.

Check the three trust boxes:
Trust this CA to identify web sites.
Trust this CA to identify email users.
Trust this CA to identify software developers.

Click OK until back at the main Preferences screen.

Instructions for Internet Explorer

Browse to

Click on the "here" link related to the DER format and choose Open as shown in the dialog above.

Click Install Certificate as shown in dialog above.

Select the radio button as shown in dialog above and click Next.

Click Finish. The cert is installed!

Older Internet Explorer

Note for security reasons you should never be using versions of Internet Explorer older than the most recent update.

Double-click the DER file downloaded earlier.

Click 'open file' if a security warning appears.
Click Install Certificate when the Certificate window appears.

The Certificate Import Wizard appears. Click Next. The following screen appears:

Change from 'Automatically select the certificate store based on the type of certificate' to 'Place all certificates in the following store.'

Click Browse, then select 'Trusted Root Certification Authories'.

Click OK. Click Next, then click Finish. Click Yes to Install. Finally, click OK to verify the import was successful, then OK to close the open Certificate window.

Note: If using Internet Explorer 7, you must close the browser and restart it at this point to avoid the following error page that appears when trying to view a website signed with the Caltech Root Certificate:

The error page is only displayed the first time a website signed with the Caltech Root Certificate is visited. Subsequent visits will proceed directly to the site. The address bar will have a red background, and a "Certificate Error" icon/message will be displayed to the right of the address bar to indicate that IE7 doesn't like the certificate. These warnings will disappear once IE7 is restarted.


These instructions are for MAC OS X Tiger. The main difference between Tiger and Panther is that you can't see the X509Anchors Keychain in Panther, so the way to verify successful import is to visit a site that uses the certificate authority. Certificates imported into the X509Anchors Keychain in Panther are automatically trusted.

Double-click the PEM file you downloaded. The Add Certificates window will appear.

Verify the 'Keychain:' drop-down box shows X509Anchors. If it shows login, change it. Click OK.

At this point, Keychain Access is open. Select X509Anchors in the upper-left box and verify that the Caltech Certificate Authority certificate is listed.

Double-click the Caltech certificate then scroll to the bottom. Expand (click on the arrow) the Trust Settions option.
Verify all drop-down boxes are set to Always Trust. If they are not, change them.

Close the window and quit Keychain Access.