Trusting the Physical Sciences Root CA in Common Browsers

Adding the Physical Sciences Root Certificate to your Trusted Root List

This web site supports Transport Layer Security (TLS) and Secure Sockets Layer (SSL) to encrypt the traffic between your computer and the server in order to protect your personal information and work. Depending on your browser, it may repeatedly say each time you connect that it is unable to verify the authenticity of this web site because it does not know about the Certificate Authority that issued the certificate. You can usually just tell it to connect anyway in these instances and continue to use the site, but if you would like to remove the warnings for the future you may follow this process to add the UCI Physical Sciences Root Certificate Authority Certificate to your browser's trusted list.

For help using secure Physical Sciences web sites select the browser and version below that most closely matches what you are using and follow along with the instructions:

Firefox 1.5

Firefox 2.0

Internet Explorer 6.0 to 7.0

Opera 8.0

Opera 8.5 to 9.2

Safari for Mac OS X

If you would like to use Pine with secure IMAP with a ps.uci.edu or ess.uci.edu email address directly from your computer inestead of through home.ps.uci.edu, download psrootca_pine_support_package.tar.gz and follow the instructions below (now supports BSD too):

$ tar xzfv psrootca_pine_support_package.tar.gz psrootca_pine_support_package/ psrootca_pine_support_package/install $ cd psrootca_pine_support_package/ $ su Password:

Enter your root password...

# ./install Pine uses normal libssl, looking for ca-bundle.crt... Detected that libssl certs belong in these location(s): /usr/share/ssl/certs/ca-bundle.crt Insert Physical Sciences Root Certificate? [y/n] y Installed Physical Sciences Root Certificate to /usr/share/ssl/certs/ca-bundle.crt

Note: Older libssl libraries seem to use cert.pem instead of ca-bundle.crt and many machines with a pine package built for this are missing the file entirely. This includes Ubuntu machines with the 3rd party .deb pine package. If you have such a machine the output of ./install will look like this:

# ./install Pine uses libssl.so.0.x, looking for cert.pem... cert.pem missing, going to create /usr/lib/ssl/cert.pem Detected that libssl certs belong in these location(s): /usr/lib/ssl/cert.pem Insert Physical Sciences Root Certificate? [y/n] y Installed Physical Sciences Root Certificate to /usr/lib/ssl/cert.pem

If install finds multiple ca-bundle.crt (or cert.pem as applicable) files that may be used by pine it will install to all possible locations to maximize the probability of success. It won't cause any harm to other applications if it inserts the certificate to a CA store that does not require it, so don't worry about this.

This will take care of pine's certificate trust issues but you will still need to copy the lines from your .pinerc on home.ps.uci.edu that say mavericks.ps.uci.edu in order to connect to the proper IMAP server.