ROHAN Academic Computing

New ipsCA SSL Certificates and 'security warnings'

When connecting to secure websites such as Circuit, Infoguides and Rohan Webmail, you may see a 'security warning' similar to this:

This Connection is Untrusted
www-rohan.sdsu.edu uses an invalid security certificate

You may safely ignore this warning.  

The reason for this security warning is ipsCA.com, the issuer of SSL Certificates used by the SDSU Library, has recently renewed their root CA. The new root CA expires in 2029.

The problem with ipsCA's root CA renewal is that web browser and email clients (IE, Firefox, Safari, etc.) need to include the new root CA. Until the new root CA is included you may see the security warning message.

Install the new ipsCA Certificate:

• Email users install the ipsCA Bundle.  Detailed directions here.
• Firefox users install ipsCAGlobal.crt - Check Trust boxes and click OK.  Directions here.
• IE users install the ipsCA Bundle.  Directions here.
• Safari users install ipsCAGlobal.crt  Check always trust, then enter your password. Directions here.

If you follow the above procedures to import the ipsCA root CA to Firefox or other browser or email client, you will not see any security warnings related to the ipsCA certificate in the future.

Update: Microsoft is distributing the ipsCA certificates using dynamic downloads, automatically downloading the Root CA when IE accesses a web page protected with an ipsCA certificate, likewise for Google Chrome.