All CSC and ACSS facilities that require users to provide their Kerberos passwords are set up over secure TLS/SSL encrypted channels. Examples of such facilities are web pages using the https protocol, 802.1x authentication for wired or wireless networks, ssh logins, VPN connections, email access through imaps, and SASL authentication for smtp.
Setting up an encrypted TLS/SSL connection requires the server to present an SSL certificate to the client, so that the client can authenticate the server. This protects against possible man-in-the-middle attacks. Please note that accepting a server certificate without verifying its authenticity makes a user vulnerable to attacks.
Since we sign our own certificates, mail clients and web browsers may ask you to examine and accept our certificate at every startup. Users are requested not to make a practice of accepting such certificates. Instead, download the IITD CA certificate and install it as a valid CA (certificate authority). In most mail clients and browsers, the CA certificate can be installed through the Preferences->Advanced->Certificates tabs.
You may require the IITD CA Certificate in DER format for some systems.
Please see HowTo: Import the CAcert Root Certificate into Client Software for details (follow the procedure outlined in this link, but use IITD's CA certificate instead of CAcert's).
Please verify the SHA1 and MD5 fingerprints of the IITD CA certificate before installing:
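One way to carry out this check before installing, shown as an added example that is not CSC's own tooling: the fingerprint is a digest of the certificate's DER encoding, so a PEM download has to be decoded first (hashing the PEM text gives a different value). The function names are hypothetical, the sample bytes are constructed stand-ins rather than the IITD CA certificate, and `PUBLISHED` is a placeholder for the fingerprints published on this page.

```python
import base64
import hashlib
import hmac

PEM_HEADER = "-----BEGIN CERTIFICATE-----"
PEM_FOOTER = "-----END CERTIFICATE-----"

def to_der(raw: bytes) -> bytes:
    """Return the DER bytes of a certificate supplied as PEM or DER."""
    text = raw.strip()
    if text.startswith(PEM_HEADER.encode()):
        body = text.decode("ascii")
        if not body.endswith(PEM_FOOTER):
            raise ValueError("truncated PEM certificate")
        b64 = body[len(PEM_HEADER):-len(PEM_FOOTER)]
        return base64.b64decode("".join(b64.split()), validate=True)
    if not raw.startswith(b"\x30"):  # DER certificates open with a SEQUENCE tag
        raise ValueError("input is neither PEM nor DER")
    return raw

def fingerprint(der: bytes, algo: str) -> str:
    """Colon-separated upper-case hex digest of the DER encoding."""
    digest = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def normalise(fp: str) -> str:
    """Drop colons and whitespace so differently formatted values compare."""
    return "".join(fp.replace(":", "").split()).upper()

def matches_published(raw: bytes, published: dict) -> bool:
    """True only if every published fingerprint matches the certificate."""
    der = to_der(raw)
    ok = bool(published)  # an empty set of fingerprints verifies nothing
    for algo, expected in published.items():
        actual = normalise(fingerprint(der, algo))
        ok &= hmac.compare_digest(actual, normalise(expected))
    return ok

# Constructed stand-in bytes, NOT the IITD CA certificate.
SAMPLE_DER = b"\x30\x0b" + b"constructed"
SAMPLE_PEM = "\n".join(
    [PEM_HEADER, base64.b64encode(SAMPLE_DER).decode(), PEM_FOOTER, ""]).encode()
# Placeholder for the values published on this page; derived from the sample here.
PUBLISHED = {a: fingerprint(SAMPLE_DER, a).lower() for a in ("sha1", "md5")}

if __name__ == "__main__":
    for algo in ("sha1", "md5"):
        print(algo.upper(), fingerprint(to_der(SAMPLE_PEM), algo))
    print("install?", matches_published(SAMPLE_PEM, PUBLISHED))
```

The bytes returned by `to_der` are also what should be written out when a system requires the certificate in DER format.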