This page contains instructions on how to safely connect to the various services within the Computer Science department at Brock University. As our normal way of life is evolving to include 24/7 access to most things through network applications there has also been alot of progress made in utilities to try to intercept network information. For this reason you are urged to seriously consider the following guidelines when connecting to our resources in order to ensure that your login inforamtion is safe. If you have specific questions please feel free to contact us.

COSC Certificates
Most of our network services (HTTPS, FTP, POP and IMAP) use certificates to encrypt the information being passed across the network. It is important any time you are sending your password across the network to verify the certificate on the machine you are connecting to. The following information can be used to verify the integrity of the certificates that we use for our servers. If, at any time, you are prompted about the certificates being erroneous there is likely someone tampering with the connection in which case you should reject the certificate unless you can verify the MD5 or SHA fingerprints as listed below. We also use some certificates signed by our own certificate authority (eg: dbadmin.cosc.brocku.ca), if you are using one of the services you will need to download and install/import the cosc.brocku.ca root certificate. It is critical when importing a trusted root certificate that you verify it's integrity by ensuring that the Fingerprints match those posted here.

Certificate for www.cosc.brocku.ca (Administration scripts and CMS login)
MD5 Fingerprint: 2B:4A:58:BC:52:73:EE:0F:57:CD:5A:54:A9:85:83:9A
SHA1 Fingerprint: 54:31:F2:85:60:83:85:95:4D:50:87:E2:52:67:49:52:9D:8C:A2:2D

Certificate for mail.cosc.brocku.ca (POP, IMAP, SMTP)
MD5 Fingerprint: 03:5B:10:16:8B:71:8E:1F:90:2C:D2:10:49:AE:73:D0
SHA1 Fingerprint: 83:B7:FB:50:F7:EE:5F:92:9A:D2:B0:23:6F:D0:7F:68:1C:B6:84:5D

Certificate for cosc.brocku.ca (local certificate authority)
MD5 Fingerprint: 7F:A4:8E:01:F4:9E:F1:E3:C9:09:C7:D3:35:0D:F5:93
SHA1 Fingerprint: BB:80:A3:05:A5:83:4F:69:B6:14:15:F5:94:A8:72:C4:EC:97:6A:80

Certificate for sandcastle.cosc.brocku.ca (FTP signed by cosc.brocku.ca)
MD5 Fingerprint: 56:52:61:3C:82:36:0C:9A:5F:2B:CA:4D:65:A1:AC:D8
SHA1 Fingerprint: D6:DA:15:BA:49:FA:38:8C:52:5C:8B:D7:6B:60:E8:EA:E2:23:F3:91

Certificate for dbadmin.cosc.brocku.ca (signed by cosc.brocku.ca)
MD5 Fingerprint: B6:A1:DC:5F:19:F1:71:F4:57:D0:DE:E9:7B:24:E2:BF
SHA1 Fingerprint: 18:54:EB:37:C6:99:DE:4C:F7:3D:D3:6B:5A:30:58:C4:E0:33:86:26

SSH (Shell and File Access)
SSH is a protocol which allows network connections to be made with a server. It typically is used for shell access to network servers but is often used to tunnel other protocols such as RCP and FTP. In our labs we use PuTTY on Windows for making SSH connections, Linux and Mac OS X have built in clients.
It is very important to verify the fingerprint of the server key that you are connecting to; Sandcastle's key fingerprint is listed below. You will also find that client software will cache this key information after you accept it and if the key information ever changes the client will issue a warning. It is very important to react properly to those warnings!

Sandcastle SSH2 Key
RSA Fingerprint: 1024 55:a1:7b:e6:af:ce:f0:a4:61:66:e0:ea:f0:49:31:92

For help configuring PuTTY to connect to Sandcastle please see our Help pages.

FTP
In order to access Sandcastle through FTP you must have a client that is capable of running FTP with AUTH TLS. This means that all the data transferred can be encrypted using certificates. For FTP you will be using the sandcastle.cosc.brocku.ca certificate and are strongly urged to verify the fingerprint against the information listed above. You can find information on how to configure CoreFTP Lite to connect to Sandcastle off our Help page.

Encrypted services currently available on Sandcastle

• SSH/SFTP/SCP - port 22 can be used instead of telnet and FTP
• FTP w/TLS - set up on port 21
• IMAP - set up on alternate port 993
• POP - set up on alternate port 995