menu

About the client certificate issuing service

JAIST is subscribed  to the UPKI service of the National Institute of Informatics (NII), accordingly, it provides services such as issuing client certificates with the Information Society Infrastructure Research Center.

 

With this certificate, our university information system provides high security services, such as VPN connection from outside the university and changing of user account password.

 

The teachers and students of our university who wish to use the client certificate can issue / renew / revoke the client certificate as described below. At the same time, users are obliged to properly manage the issued client certificates.

Services requiring client certificate

By importing the client certificate into the WEB browser, mail software, etc., you can access the following services.

Notes on the handling of Certificates

A client certificate is imported into an application (web browser, mail client, etc.) together with a pair of private keys and used for the purpose of proving the user's identity. Therefore, you have to be very careful not to let the certificate containing the private key fall into the hands of others. If the private key is stolen, the user's identity can be spoofed, which may lead to the leakage or falsification of information. If your private key has fallen into the hands of others, or is likely to fall into the hands of others, please take steps to revoke your client certificate immediately.

 

  1. Do not give  to others, do not import the  into a shared computer that is being used by a common account, or do not import  into a computer whose identity is unknown.
    Under an environment where other people can access the imported certificate, it is easy for someone to steal your private key. Please make sure that you use the client certificate only on a trusted computer where nobody can access it except you.
  2. When exporting client certificates, protect with proper passwords.
    When exporting and extracting certificates that have been imported into a web browser or email software, etc., please make sure to save them with a proper password. Saving without a password or with a simple or easy password can easily lead to the loss of your private key, so make sure to protect it with a proper password.
  3. Do not place your certificates in a folder (location) where others can see it.
    Keep exported files containing your private key in a place where no one else can access it. Even if the files are password-protected, there is still a chance that your password can be broken.

Web browsers available for certificate download

The types of web browsers that can download certificate from the UPKI site are limited.

UPKI specifies that the following Web browsers can be used.

It is recommended that you download the certificate on a PC (windows or macOS).

 

【Windows】

  • Google Chrome
  • Edge Chromium
  • Firefox
  • Internet Explorer (You need to change the settings in advance) (Due to the UPKI system problem, IE will not be able to get certificates from the end of August 2020.)

【macOS】

  • Google Chrome
  • Firefox
  • Safari

Client Certificate Issuance Procedure

[ Before you apply for a certificate ]
An information in a client certificate contains the applicant's email address information. If you (student) are planning to change your e-mail address, you must get a certificate after you change your e-mail address. If you have changed your e-mail address after the certificate has been issued, you must reacquire the certificate (revocation -> issuance) as soon as possible.

 

Client certificates can be obtained by the following operations.

  1. Apply for issuance from the J-UPKI system (accessible only from the campus LAN including SSL-VPN connection).
  2. Access the UPKI website from the J-UPKI system and download the certificate.
  3. Import the downloaded certificate to the terminal/application.

 

For details, please read the "Client certificate issuance procedure" page.

Client certificate issuance procedure

 

 

【appendix】Certificate storage location for each app
OSApps etc.Storage of imported certificates (References for each Apps)
Windows




Windows (For wireless LAN configuration (JAIST, eduroam))Windows Certificate Store (Control Panel -> Internet Options ->  Contents)



Microsoft Edge
Google Chrome
Internet Explorer
FirefoxCertificate Manager in Firefox (Options -> Privacy & Security -> View Certificates)
macOS



macOS (For wireless LAN configuration (JAIST, eduroam))Keychain Access.app (Applications → Utilities)


Safari
Google Chrome
FirefoxCertificate Manager in Firefox (Preferences -> Privacy & Security -> View Certificates)

 

 

 

Client Certificate Revocation Procedure

  1. Access the J-UPKI system and log in.
    ※You can access J-UPKI system only from inside  the campus network (or using the SSL-VPN service).
  2. Click the  失効 / Revoke button.
  3. Select the reason for revoking (失効理由を選択し), choose revoke (失効を実行) and click [OK] to confirm.

Please note that this process may take up to 10 minutes.

Client certificate update procedure

This option is available about 30 days before the expiration date of the certificate currently in use.

  1. Access the J-UPKI System and log in (required settings before using IE)。
    ※You can access J-UPKI system only from inside  the campus network (or using the SSL-VPN service).
  2. Click the [ 更新 / Update ] button.
  3. The following steps are the same as in the  3 steps of (Issuing a new certificate).