menu

UPKI Digital Certificate Issuing Service

JAIST is subscribed to the UPKI service of the National Institute of Informatics (NII). Accordingly, it provides the services of issuing client certificates and server certificates. This page provides information on the issuing the electronic certificates.

 

This digital certificate is necessary for some changing personal user account and VPN connections from outside the university. Please use it and save it appropriately.

How to use the certificate issuing service

Please follow the instructions in the link, if you want to install the certificate on your personal client devices  for accessing JAIST research services.

UPKI Client Certificate

 

Please use the server certificate issuing service, if you want to install the certificate on research server machines.

UPKI Server Certificate

FAQ

Digital certificate/PKI

I would like to confirm whether my digital certificate has been successfully imported

1. Web browser

For Firefox

Select the "Tools" tab → "Options" → "Advanced" → "Certificates" and press the "View Certificates" button and then "Your certificates" column.

 

For Internet Explorer,

Select "Tools" → "Internet Options" → "Content" tab and press "Certificates" button. It will be shown in the "Personal" column.

 

For Safari (Mac OS X)

Open "Keychain Access" (in Applications / Utilities) and search for client certificates. Clicking on the "My Certificate" category makes it possible to see to available client certificates.

 

For Safari (Windows OS)

Please refer to the contents of "InternetExplorer".

 

2. Mail software

In the case of Thunderbird, Select "Certificate" tab of "Tools" → "Options" → "Details" and press the "Show Certificates" button. You will see it in the column of "Your certificates".

I would like to use the digital certificate on multiple computers (browser, mail manager).

Please import the downloaded digital certificate (with .p12 extension) into to the browser or mail program that you plan.
If you do not have the digital certificate file at hand or you deleted it, please refer to "I want to retrieve the issued digital certificate file again".

I received an email that the digital certificate is about to expire. What should I do?

You will receive a notification email within one month of the expiration date of the digital certificate. To continue using the digital certificate service, you need to go through the "application for renewal" process.

  1. Access the digital certificate management system (accessible only from the campus network)
  2. Enter your username and password to login
  3. Press the "New application / renewal application" button to acquire a new electronic certificate
What is PKI?

PKI (Public Key Infrastructure) is the "infrastructure" of internet security using public key cryptography technology.

By using this PKI security infrastructure, it is possible for users to use applications and communicate more securely.

 

 

What is the "password" for issuing/importing certificates?
  • When you are asked for password at 【STEP1】 on the National Institute of Informatics page.

If the screen of "【STEP1】認証情報パスワードを入力" is displayed, the certificate issuance process has failed. (In case of correct operation, the screen of "【STEP2】証明書を発行" will be displayed.)
Please send your user name and a screenshot of the screen to us.

*Clicking the "[発行/issue]" or "[証明書をダウンロード/Download certificate]" button multiple times may cause this to happen.Please click the buttons only once.

  • When you are asked for a password (access PIN) during import.

During import, you will be asked for the password for the certificate/private key/encryption/extraction.

-When the certificate file was obtained by downloading it from UPKI
The access PIN (initial password for import) can be confirmed in the J-UPKI system, and please enter it.

-When the certificate file is exported and obtained
Please enter the password you have chosen for the export.

Unable to delete digital certificates in Firefox

The certificate used for "Authentication Decision" in Firefox cannot be deleted.
To deleted the certificate, please follow the steps below.

  1. Open the Firefox Certificate Manager.
    Click [≡] (three horizontal lines in the upper right corner)
    → Click [Settings]
    → Click [Privacy & Security]  scroll down
    → Click [View Certificates]

  2. Deleting authentication settings
    Click the [Determine authentication] tab
    → Click the "auth.jaist.ac.jp" line
    → Click [Delete]

  3. Deleting the certificate
    Click the [Your Certificates] tab
    → Click the certificate you want to delete
    → Click [Delete]
"[STEP 1] Enter the Password" screen appears when issuing the certificate.

When "[STEP 1] Enter the Password" screen is displayed, the issuance of the certificate has failed.
Please contact us with your user name and screen view ("[STEP 1] Enter the Password" screen appears).
Inquiry Form

Certificate imported to mac is "not trusted".

When importing a client certificate, "SECOM Passport for Member RSA CA16" will be imported at the same time as the root certificate. If this root certificate causes an error with the message "This root certificate is not trusted," please check the fingerprint and change the trust settings.

 

  1. Check the fingerprints
    Please refer to the following page to confirm that the "Fingerprint SHA-1" of "SECOM Passport for Member RSA CA16" is "D5 62 97 10 C1 7B D6 63 91 E8 FC 27 91 9C E1 41 DA B4 7A F8".
    https://support.apple.com/guide/keychain-access/view-the-information-stored-in-a-keychain-kyca1085/11.0/mac/14.0

  2. Change trust settings
    Please refer to the following page and change the trust setting of "SECOM Passport for Member RSA CA16" to [Always Trust].
    https://support.apple.com/guide/keychain-access/change-the-trust-settings-of-a-certificate-kyca11871/11.0/mac/14.0
Certificate imported to mac is "not trusted".