SAFE Downloading Instructions

The SAFE Download Service requires:

• UC Berkeley Authentication:  CalNet ID
  For CalAgenda downloads see CalAgenda Authentication.
• A Web Browser Capable of Secure Socket Layer 3.0, 128-bit Security, and JavaScript (See Older Web Browsers). 

Initial Download Page

When a download is selected at an authorized web site, the SAFE Download page appears with download information and UC Berkeley authentication.  For example:

The file information and download time estimates help you decide if you want to go ahead with the download.  If you are on a dial-up connection, keep in mind that the UC Berkeley dial-up services each have connect time limits (SHIPS and Faculty: 8 hours; General: 2 hours). Your ISP may or may not have a time limit.

You should have enough disk space and enough connect time left to complete the download.  The download time will be emphasized in red if the time exceeds 2 hours.

With some browser settings you may also be alerted that a secure SSL connection is about to be used. 

You are about to begin viewing pages over a secure connection.	OK
Do not show this warning	Cancel

To begin authentication and authorization click on CalNet Authentication.

CalNet Authentication and Authorization

CalNet authentication will open in a new window.

Authentication Web Server (AWS) Please identify yourself with your CalNet ID to access the following: SAFE Download Service Example.exe Current CalNet ID: Passphrase: The CalNet passphrase is case sensitive, so make sure to use correct capitalization when appropriate and that Caps Lock is not set on your keyboard. After you have been successfully authenticated, your browser will be returned to the above-named application, where you may or may not be granted access, based on your University status or your role as determined by the application.  If you are having persistent problems getting authenticated with your CalNet ID and passphrase, please contact User & Account Services .

Caution: Be careful where you use your CalNet ID.
Always check that the web site asking for your ID is authorized to do so, and that secure communication is being used.

1. Your browser should show a URL of  exactly "https://net-auth.berkeley.edu/cgi-bin/krbaws-uid". 
2. Your browser should indicate a secure connection with a closed lock () or unbroken key ()icon at the bottom of the screen.  You can usually right-click on the window and select Properties or View Info to see the security settings for the page.  The settings should show a current VeriSign certificate for net-auth.berkeley.edu.
3. Never ignore or disable browser security warnings.

Enter your CalNet ID and passphrase into the CalNet Authentication Web Server page and click on Authenticate.  If the authentication succeeds, you will briefly see:

And also briefly:

Then SAFE will open a new window, close the AWS authentication, and begin the download:

Every faculty, staff, or student member of the campus has a CalNet ID.  If you are a faculty or staff member and have not yet activated your CalNet ID, see your department's administrative staff or CalNet Deputy or contact User Account Services.  For students, the CalNet ID and passphrase is the one you would use for Bear Facts. 

If Authentication Fails

If your authentication fails, the Authentication Web Server will tell you the problem and an action to take.

If  you successfully authenticate with the AWS, but too much time has elapsed between the authentication and the start of the download (or if the server clocks are too different),  you will be told "Your AWS authentication time-limit has expired.".

If Authorization Fails

You may have a valid CalNet ID but not meet the requirements to download a particular software or there may be an error in your CalNet Directory information.

Most software is restricted to current faculty, staff, students, and certain affiliates (see Affiliates).  This does not include Summer Session students unless they are also in one of the forgoing categories.  Some software is restricted to UCB employees ( faculty and staff but not students).

For problems in your CalNet Directory entry, SAFE will ask you to check with User Account Services to resolve the problem.

If the CalNet Directory is not responding, SAFE will not be able to authorize the download.  In most cases you will be asked to contact the IST Trouble Desk.

If the Authentication Window Closes, but no Download Starts

Probably you are blocking "pop-up" windows to avoid annoying advertising. Your browser or some utility software you are running is doing the blocking.

To allow pop-ups for software.berkeley.edu:

• For Windows XP users with Service Pack 2: You should see a note on IE's Information Bar (at the top of the browser windeow under the web site address) saying "Pop-up blocked. To see this pop-up or additional options click here..." Click on the Information Bar and select the option to allow pop-ups from this site. This will allow future downloads from the Software site.
• For the Mozilla Firefox browser: Use the Tools/Options/Web Features menu and under "Block Popup Windows" click on Add Site and add "software.berkeley.edu".
• For the Opera 7 browser: Set Opera to 'Accept' or 'Open in Background'. (The latter opens the window under a "tab" rather than popping up a window.)

CalAgenda Authentication and Authorization

CalAgenda authenticates and authorizes in one step and is used only for CalAgenda downloads.

Enter your CalAgenda user name and password just as you would for CalAgenda.  If CalAgenda approves, the download will begin.

If you have problems with CalAgenda downloading, contact your CalAgenda support person.  If you do not know who that is, the Technical Support section of the CalAgenda Web Site.

SAFE Download Error Messages

In unusual circumstances, you may get a SAFE Download Error message.  These errors are caused by the originating web server, the SAFE web server, or your browser.   If you decide to try again, use your browser's Back button or return to the originating web site.  You may have to use your browser's Reload or Refresh button.  For more information on SAFE Download Errors see SAFE Errors.

Older Web Browsers

Secure Socket Layer (SSL) and 128-bit Security

Netscape Navigator 4 or Microsoft Internet Explorer 4.0 are the oldest versions that work with SAFE because they can do SSL Version 3 and have no problems which prevent their use with SAFE or the CalNet Authentication Web Server (AWS).

128-bit security is required because with current technology the old 40-bit encryption is just too easy to break.  For the time being you can get by with  40-bit encryption for downloads.

In some cases your browser may be able to do SSLv3 and TLSv1 but have been configured to use only SSLv2.  Check your browser settings under such headings as Advanced or Security.

To verify your browser security settings see Web Browser and Server Security Check.

To look for a newer browser, see WSSG Software.

JavaScript

Most browsers have JavaScript enabled.  Note that JavaScript is to be enabled not Java - they are very different.  JavaScript is used in several places to automatically have your browser initiate the next step.  If JavaScript is not enabled, you will be asked to click on a button to continue because the web servers are unable to proceed without your intervention.

Some older browsers try to do JavaScript but fail.  For these you may see malformed pages with "document.write" and other junk on the page.

To see if JavaScript is working in your browser see Browser Type Report.

Security
About the SAFE Download Service
Security Level

ABOUT SSL CERTIFICATES

QuickLinks to WSS:   CalAgenda • Cal WebDisk • Computer Labs • Computer Repair • Computer Store • Computer Training • Connecting@Berkeley • Departmental Support (DOCS) • Getting Help • Software Distribution • Student Consulting • UCLink • WSSG Software

Copyright and disclaimer notice
Send comments.
WSS is a unit of Information Systems & Technology (IS&T), UC Berkeley

URL: /about/SAFE/DownloadInstructions.html , page modified: Tuesday, 14-Sep-2004 10:23:11 PDT