FIRST CA X509 Client Certificate Installation

Some FIRST services, the website included, use X.509 Client Certificates for authentication. These certificates are issued by FIRST CA and require that members and collaborators install the certificate on each device used to connect to these services.

When FIRST CA issues a certificate, it sends the private key and personal certificate to the team member's e-mail address (in a PKCS12 .p12 file), encrypted with a password that is sent to the Team's representatives. The message to the representatives is PGP encrypted.

FIRST CA

Installing the X509 certificate is a simple one-step process once you have the PKCS12 file (.p12) and its encryption password (sent to the representatives). On most systems, installing it is as simple as double-clicking the downloaded file and following your OS wizard's instructions.

Some applications, like Mozilla Firefox, use their own certificate storage, rather than the operating system's. So these applications have specific instructions on how to set up the certificate.
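Before importing, the .p12 file can be inspected from a command line to confirm whose certificate it holds, who issued it, when it expires, and that the private key matches. This is an added example, not part of the original FIRST instructions; it assumes the openssl command-line tool is installed, and the function names, the P12_PASS variable and the demo certificate are constructed for illustration.

```shell
#!/bin/sh
# The password is read from the P12_PASS environment variable, so it never
# appears as a command-line argument in the process list or shell history.

# Print the client (leaf) certificate from the bundle in PEM form.
p12_cert() {
    openssl pkcs12 -in "$1" -passin env:P12_PASS -clcerts -nokeys | openssl x509
}

# Print subject, issuer, expiry date and SHA-256 fingerprint, one per line.
p12_summary() {
    p12_cert "$1" | openssl x509 -noout -subject -issuer -enddate -fingerprint -sha256
}

# Succeed only if the private key in the bundle belongs to the certificate.
p12_key_matches() {
    cert_pub=$(p12_cert "$1" | openssl x509 -noout -pubkey) || return 1
    key_pub=$(openssl pkcs12 -in "$1" -passin env:P12_PASS -nocerts -nodes |
        openssl pkey -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Succeed only if the certificate is still valid 30 days from now.
p12_not_expiring() {
    p12_cert "$1" | openssl x509 -noout -checkend $((30 * 24 * 3600)) >/dev/null
}

# Constructed sample input: a throwaway self-signed certificate packed into a
# .p12, standing in for the file received by e-mail (not a FIRST CA certificate).
make_demo_p12() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 90 \
        -subj "/CN=Demo Member/O=Example Team" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$dir/key.pem" -in "$dir/cert.pem" \
        -name "demo" -passout env:P12_PASS -out "$dir/demo.p12"
}

# Demo run on the constructed bundle; the temporary files are removed afterwards.
P12_PASS='constructed-demo-password'; export P12_PASS
tmp=$(mktemp -d) && make_demo_p12 "$tmp" && p12_summary "$tmp/demo.p12"
rm -rf "$tmp"
```

For the real file, set P12_PASS from a prompt, run p12_summary on the received .p12, and confirm that the subject is you and the issuer is the CA you expect before importing it.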

Importing Certificate in Windows

Works with Microsoft Edge, Internet Explorer, Google Chrome and other webkit-based browsers on Windows.

Double-clicking the certificate file automatically opens the Certificate Import Wizard, which shows the available Store Locations. We recommend installing the certificate in the Current User store location.

Windows Certificate Import Wizard

After confirming the installation and file selection, the wizard will ask for the password for the private key, which is the password sent to the team representative. You may check the option to mark the key as exportable so that you may afterwards export this key to other applications as well.

In the next step, the wizard will ask where the certificate is to be installed. It's OK to enable the automatic selection, or to manually set it to the Personal Certificate Store. The wizard should ask for your confirmation before it finishes importing the certificate.

Now try to access the FIRST Members website with your new certificate.

Importing Certificate in MacOS

Works with Apple Safari, Google Chrome and other webkit-based browsers on MacOS.

Double-clicking the certificate file automatically opens Keychain Access, which prompts for the certificate password. Typing the password that was sent to the representative installs the certificate in the login keychain.

MacOS Keychain Certificate import

Now try to access the FIRST Members website with your new certificate.

Importing Certificate in Mozilla Firefox (all operating systems)

Mozilla Firefox uses its own certificate storage, so the FIRST certificate must be installed in Firefox separately from the installation for the operating system.

Go to Tools > Options > Security > View Certificates... (button). In the Certificate Manager window, select the Your Certificates tab and click the Import... button to select your .p12 file.

Firefox Certificate Manager

You'll be prompted for the password that was used to encrypt this certificate backup (the password sent to the representative). Just type it and press OK, and you're ready to access the FIRST Members website with your new certificate.

About X509 Certificates (troubleshooting)

Authentication with an X509 Client Certificate is performed during the SSL handshake, that is, while your browser is still connecting to the remote website (before the request is actually sent), and persists for the duration of the browser session (until all windows and tabs of the browser are closed).

When you access a restricted page using your certificate, you should be prompted for which certificate you'd like to use. Cancelling or declining to accept the certificate will invalidate the browser session as well.

Certificate selection on Edge and Firefox

So, if you encounter any issues while testing your newly installed certificate, you may try: