University of Washington Certificate Authority

Certificate Authority

Note: Although still usable, this Certificate Authority application now has legacy status. The new UW Certificate Services application provides consolidated certificate request and management functions for both the UW Services CA and the InCommon CA. See the UW Certificate Services documentation for a comparison of CA features.

Working with a root certificate

Installing the root certificate

The CA's root certificate must be installed into any program that will be connecting to an application that authenticates itself with our (the UW CA) certificates.

Specific use depends on your application. PEM is convenient because you can copy and paste the text from your browser into an application or file. DER is not printable and therefore cannot be as easily copied. Many applications can, however, work more easily with the DER format.

Browsers

The installation button on our user documentation page provides the easiest means to load the root certififcate into a browser.

Apache web servers

A Web server does not need access to the CA's root unless it will be authenticating clients (e.g. SOAP enabled programs) who themselves use our CA's certificates.
Each brand of web server has specific configuration instructions to indicate trusted root certificates. For Apache some applicable directives are
See the Apache documentation.

Programs unsing the OpenSSL library

OpenSSL is the most popular open source SSL library.
Paste the certificate into a file, e.g. cacert.pem.
Configure your program to use this file, using, for example, this function
SSL_CTX_load_verify_locations
See the OpenSSL documentation.

MS Windows applications

Windows applications will find the DER format of the root certificate the most convenient.
Click on the DER format link to allow your system's certificate manager to install the certificate.
The most appropriate storage area for the certificate on your system may depend on the particular application.