Benefits and key features
Certificates are a safe way for MIT web applications to identify you without you needing to type in a username and password.
Personal certificates expire every year on July 30 and must be renewed annually. The MIT Certificate Authority (MIT CA) is valid until August 2026.
To access MIT's secure web servers you need two different types of certificates:
- The MIT Certificate Authority (MIT CA) authenticates the secure web server to your computer. They are valid for several years. You'll be adding the MIT CA to a group of other certificate signers within each of your web browsers.
- Your MIT Personal Certificate authenticates your computer and provides access to restricted web pages or applications. It is "signed" by the MIT CA and associates you with your Kerberos username and password, proving to the secure web server that you are who you claim to be.
Requirements
Before obtaining certificates, make sure you have the following:
- Your MIT ID number
- Your Kerberos username and password
- A Duo 2-factor authentication device
- A web browser installed on each computer for which you are getting certificates
- Note: You will be required to change your Kerberos password during certificate renewal if your existing password is older than one year
Getting started
If you've done this before and just want to get/renew your certificates:
We strongly recommend using CertAid to configure your certificates for any current version of Chrome, Edge, Firefox, or Safari. CertAid manages the entire certificate setup procedure, giving you a more reliable installation experience. The setup procedure includes installing the MIT CA as well as your personal certificate.
Older and non-standard browsers may not support certificates installed using CertAid, in which case you may be able to install a certificate manually via the Get an MIT Certificate page. See all your options by visiting Certificates in the Knowledge Base.