Certificate Howto

When you first access www.mcqn.net over a secure connection (one which starts https:// rather than http://) a dialog will pop up informing you of a security alert. On Windows XP it looks like this:

Security Alert Dialog Box

This is because I haven't paid the £100 or so to have the certificate (which is used to encrypt all the data sent between my server and your computer so no-one can intercept it and read it) signed by one of the companies that Internet Explorer trusts.

Presuming you trust me, you can just click "Yes" and carry continue to whatever it was you were looking at. If you want to check things more closely then click "View Certificate". This will bring up a new dialog like this one:

Certificate Information Dialog Box

Things to check are that it is issued to the same site or company who's website you are visiting, and that it is still valid. The fact that it was "issued by" the same person that it is "issued to" is usually not a good sign - if you're about to send your credit card details to some website, and although this will mean that the information will be safe from someone eavesdropping on the connection, once it gets to the website they can decrypt it, so it'd be nice to know that someone has done some checks that this website is who it claims to be.

Usually certificates are issued by someone like Verisign, who will do all sorts of checks first, but also charge for the privilege. I'm assuming you'll trust that I am who I say I am :-)

If you want even more proof, then you can check the "Details" tab, and look at the "Subject" (in this case it's the same as the "Issuer", I saved the wrong screen shot) and check that the email address (E); website or company name (CN); organization (O); location (L); state or county (S); and country (C) look plausible.

Certificate Details Dialog Box

Installing The Certificate

So far, if you just choose "Yes" at the "Security Alert" dialog box, you'll be prompted again next time you run Internet Explorer and visit the secure section of my website. If you want to always choose "Yes", then you can install the certificate. This just means the Internet Explorer keeps a copy of the certificate, and knows that you trust it, so next time it sees the certificate it doesn't have to bother asking you about it.

  1. From the "Security Alert" dialog box, choose "View Certificate" to bring up the "Certificate" dialog box:
    Certificate Information Dialog Box
  2. Choose "Install Certificate..." which (on Windows XP at least) starts the "Certificate Import Wizard":
    Certificate Import Wizard welcome screen
  3. Choose "Next":
    Certificate Import Wizard certificate store
  4. Leave "Automatically select the certificate store based on the type of certificate" selected, and click "Next":
    Certificate Import Wizard completing dialog
  5. Choose "Finish", which will then prompt you as to whether you want to add the certificate to the root certificate store:
    Root Certificate Store prompt
  6. Choose "Yes". The system should tell you that the import was successful:
    Successful import dialog
  7. Click "OK". The certificate has now been installed.