Computer Services Centre

Indian Institute of Technology Delhi

  • Increase font size
  • Default font size
  • Decrease font size



All CSC and ACSS facilities that require users to provide their Kerberos passwords are set up over secure TLS/SSL encrypted channels. Examples of such facilities are web-pages using the https protocol, 802.1x authentication for wired or wireless networks, ssh logins, VPN connections, email access through imaps and SASL authentication for smtp.

Setting up of encrypted TLS/SSL connections require the server  to present SSL certificates to the client, so that the client may authenticate the server. This is to prevent against possible man in the middle attacks. Please note that accepting a server certificate without verifying its authenticity makes an user vulnerable to attacks.

IITD uses self-signed certificates for some servcies whereas it uses Letsencrypt,Entrust Certficates from Wifi/Mail services (see and  Wifi/802.1x Network access as well as Mail clients and web browsers  may ask to examine and accept these certificates every time on start up. The users are requested not to make it a practice of accepting such certificates. Instead, the users may download the IITD CA certificate  and install it as a valid CA (certificate authority). The CA certificate can be installed through the Preferences->Advanced->Certificates tabs. You may require the IITD CA Certificate in DER format for some systems.

In most operating systems & browsers the letsencrypt X3 CA and Entrust CA should be already available.If required you may download and install Let’s Encrypt Authority X3 (IdenTrust cross-signed): [pem] [der] or from here Letsencrypt X3 Intermediate certificate and Entrust CA from here Entrust Bundled Certificate.

Please see HowTo: Import the CAcert Root Certificate into Client Software for details (follow the procedure outlined in this link, but use Letsencryp X3/IITD's CA certificate instead of CAcert's).

To Install Certificates one can follow the following snapshots

IITD  self-signed certificates for CA with validity upto Jun 22 05:28:29 2029 GMT are: 

IITD CA certificate 

    SHA1 Fingerprint=88:f6:de:a8:a3:b1:72:1c:3f:d3:47:f2:38:d3:08:17:d2:58:67:e5

     MD5  Fingerprint=b0:2a:b7:2c:7a:27:08:a8:62:f0:a4:c6:d4:4a:25:d5

IITD CA Certificate in DER format 

      SHA1 Fingerprint=4a:f3:9d:ef:c7:5f:f8:5b:fc:42:ce:21:1b:c8:9f:08:09:2b:00:6b

       MD5  Fingerprint=15:54:db:e6:88:2f:dc:1c:0f:c2:2a:ae:0a:08:ce:5e

Please verify the SHA1 and MD5 fingerprints of the IITD CA certificate / IITD CA Certificate in DER format before installing





Last Updated on Tuesday, 15 October 2019 11:01