Difference between revisions of "CAcert"

From YobiWiki
Jump to navigation Jump to search
Line 9: Line 9:
 
* [http://www.cacert.org/index.php?id=19 What can CAcert provide to you, to increase your privacy and security for free?]
 
* [http://www.cacert.org/index.php?id=19 What can CAcert provide to you, to increase your privacy and security for free?]
 
* The [https://cats.cacert.org/education_2010.crt Education Client Certificate] I should use to encrypt my request for an official "paper" certificate (to have passed the test, not a digital certificate!)<br>I copied the link here as I could not right-click on their page to save it...
 
* The [https://cats.cacert.org/education_2010.crt Education Client Certificate] I should use to encrypt my request for an official "paper" certificate (to have passed the test, not a digital certificate!)<br>I copied the link here as I could not right-click on their page to save it...
* I'm trying to get the client certificate out of Firefox/Iceweasel as it repeatedly told me "Failed to create the PKCS #12 backup file for unknown reasons"<br>I sniffed the import of the certificate from CAcert to my browser then I replayed the transaction with wget so I got the public certificate but I still need the private part to be able to import it to Thunderbird/Icedove :-(
+
* I tried to get the client certificate out of Firefox/Iceweasel as it repeatedly told me "Failed to create the PKCS #12 backup file for unknown reasons"<br>The bug is now identified and about to be solved: [http://bugs.debian.org/469079 #469079]
wget --no-check-certificate
 
--header 'Referer: https://www.cacert.org/account.php?id=6&cert=123456'
 
--header 'Cookie: cacert=12345678901234567890123456789012'
 
'https://www.cacert.org/account.php?id=6&cert=123456&install=1'
 
Mmm today it accepted me to right-click on the link to "save as...", much easier ;-)
 
   
 
* For server certificates: if using a Class 3 certificate as proposed you'll need the certificate chain file. This is just the Class 3 root certificate and the Class 1 root certificate in PEM format concatenated. Do it yourself or download it from the [http://wiki.cacert.org/wiki/SimpleApacheCert?action=AttachFile&do=get&target=CAcert_chain.pem attachments]. Store the certificate chain file in the ssl.crt directory and let's call it CAcert_chain.pem for future reference.<br>Now all that remains to be done is to correctly configure Apache's mod_ssl. To use the certificate set the following directives in your SSL-configuration:
 
* For server certificates: if using a Class 3 certificate as proposed you'll need the certificate chain file. This is just the Class 3 root certificate and the Class 1 root certificate in PEM format concatenated. Do it yourself or download it from the [http://wiki.cacert.org/wiki/SimpleApacheCert?action=AttachFile&do=get&target=CAcert_chain.pem attachments]. Store the certificate chain file in the ssl.crt directory and let's call it CAcert_chain.pem for future reference.<br>Now all that remains to be done is to correctly configure Apache's mod_ssl. To use the certificate set the following directives in your SSL-configuration:

Revision as of 20:57, 3 March 2008

Assurer

http://www.pengdows.com/images/cacert-wotseal73.gif

I'm CAcert assurer, able to attribute you up to 10 points

  • I've currently 105 points (yes I know sounds weird but the points given by a CAcert board member are not rounded to the max of 100)
  • I passed the CATS Challenge with 100% (it requires 80%, I did 84% then 84% then 88% then 100% and got bored ;-) )

Misc infos

  • For server certificates: if using a Class 3 certificate as proposed you'll need the certificate chain file. This is just the Class 3 root certificate and the Class 1 root certificate in PEM format concatenated. Do it yourself or download it from the attachments. Store the certificate chain file in the ssl.crt directory and let's call it CAcert_chain.pem for future reference.
    Now all that remains to be done is to correctly configure Apache's mod_ssl. To use the certificate set the following directives in your SSL-configuration:
SSLCertificateFile <Path to your certificate file>/example_cert.pem
SSLCertificateKeyFile <Path to your key file>/example_key.pem
SSLCertificateChainFile <Path to your chain file>/CAcert_chain.pem

Alternatives