External visitors to web.mit.edu can't use HTTPS to access content because the web.mit.edu servers unconditionally require client certs. Possible solutions include changing the web.mit.edu configuration to allow cert-less HTTPS access, or moving the content to a different server.
Web server certificate for kerberos.org is pending InCommon domain name approval. Migration of web.mit.edu/kerberos/ content will occur at a later point.
InCommon cert approved and installed on the new kerberos.org.