Please note the following:\\
\\
# MIT Server Certificates are signed (issued by) the MIT CA (Certificate Authority) certificate, which can be found at [http://ca.mit.edu/mitca.crt|http://ca.mit.edu/mitca.crt]\\
\\
System that are presented with a Server Certificate need to verify that the  certificate has been signed by the MITCA certificate. In order to do this, the system that is receiving the certificate need to have the MIT CA certificate in their trusted root store. This is the reason that MIT users must typically install in the MI CA cert in their browser root store.\\
\\
# MIT Application Certificates and MIT User Certificates, are signed (issued by) the MIT Client CA (Certificate Authority) certificate, which can be found at [http://ca.mit.edu/mitClient.crt|http://ca.mit.edu/mitClient.crt]\\
\\
System that are presented with an MIT Application Certificate need to verify that the  certificate has been signed by the MIT Client CA v1 certificate. In order to do this, the system that is receiving the Application Certificate during authentication needs to have the MIT Client CA v1 certificate in their trusted root store. Failure to install the correct certificate in the trusted root store will at best result in a warning. The typical result is a complete, and silent, failure. At times, people have installed the MIT CA certificate, instead of the MIT Client CA v1 certificate and encountered these errors.\\
\\
In general the MIT CA certificate must be installed on machines where users' browsers reside, but the MIT Client CA v1 certificate must be installed on servers, in addition to the server's specific Application certificate or Server certificate. There is also a growing trend that requires a user's browser to have the MIT Client CA v1 certificate installed before the user can create and install an MIT user certificate. \\
\\