Difference between revisions of "CAcert"

From YobiWiki
Jump to navigation Jump to search
m (Reverted edits by Etegohy (Talk) to last revision by PhilippeTeuwen)
Line 16: Line 16:
 
SSLCertificateKeyFile <Path to your key file>/example_key.pem
 
SSLCertificateKeyFile <Path to your key file>/example_key.pem
 
SSLCertificateChainFile <Path to your chain file>/CAcert_chain.pem
 
SSLCertificateChainFile <Path to your chain file>/CAcert_chain.pem
* See [http://wiki.cacert.org/wiki/VhostTaskForce#head-5868dc7fb125370f7ae8931cd77f03aeb966ad53 here] for the csr.sh script to generate proper requests
+
* See [https://wiki.cacert.org/VhostTaskForce#Easy_way_to_generate_CSRs_with_subjectAltNames here] for the [http://guillaume.romagny.free.fr/evaldo/csr.sh csr.sh] script to generate proper requests
 
* See [[Virtual_Private_Networks#Using_CACert_certificates_with_OpenVPN|Using CACert certificates with OpenVPN]]
 
* See [[Virtual_Private_Networks#Using_CACert_certificates_with_OpenVPN|Using CACert certificates with OpenVPN]]
  +
 
==old story==
 
==old story==
 
* I tried to get the client certificate out of Firefox/Iceweasel as it repeatedly told me "Failed to create the PKCS #12 backup file for unknown reasons"<br>The bug is now solved: [http://bugs.debian.org/469079 #469079]: remove libnss3 and keep only libnss3-1d<br>
 
* I tried to get the client certificate out of Firefox/Iceweasel as it repeatedly told me "Failed to create the PKCS #12 backup file for unknown reasons"<br>The bug is now solved: [http://bugs.debian.org/469079 #469079]: remove libnss3 and keep only libnss3-1d<br>

Revision as of 10:11, 11 March 2011

Assurer

http://www.pengdows.com/images/cacert-wotseal73.gif

I'm CAcert assurer, able to attribute you up to 35 points as I've 150 points

  • I passed the CATS Challenge with 100% (it requires 80%, I did 84% then 84% then 88% then 100% and got bored ;-) )

Misc infos

openssl pkcs12 -in mycert.p12 -nocerts -nodes -out mycert.key.pem
openssl pkcs12 -in mycert.p12 -clcerts -nokeys -out mycert.crt.pem
openssl pkcs12 -in mycert.p12 -cacerts -nokeys -out mycert.ca.pem
  • For server certificates: if using a Class 3 certificate as proposed you'll need the certificate chain file. This is just the Class 3 root certificate and the Class 1 root certificate in PEM format concatenated. Do it yourself or download it from the attachments. Store the certificate chain file in the ssl.crt directory and let's call it CAcert_chain.pem for future reference.
    Now all that remains to be done is to correctly configure Apache's mod_ssl. To use the certificate set the following directives in your SSL-configuration:
SSLCertificateFile <Path to your certificate file>/example_cert.pem
SSLCertificateKeyFile <Path to your key file>/example_key.pem
SSLCertificateChainFile <Path to your chain file>/CAcert_chain.pem

old story

  • I tried to get the client certificate out of Firefox/Iceweasel as it repeatedly told me "Failed to create the PKCS #12 backup file for unknown reasons"
    The bug is now solved: #469079: remove libnss3 and keep only libnss3-1d

Alternatives