Difference between revisions of "CAcert"
Jump to navigation
Jump to search
m (→Misc infos) |
m (→Misc infos) |
||
| Line 9: | Line 9: | ||
* [http://www.cacert.org/index.php?id=19 What can CAcert provide to you, to increase your privacy and security for free?] |
* [http://www.cacert.org/index.php?id=19 What can CAcert provide to you, to increase your privacy and security for free?] |
||
* The [https://cats.cacert.org/education_2010.crt Education Client Certificate] I should use to encrypt my request for an official "paper" certificate (to have passed the test, not a digital certificate!)<br>I copied the link here as I could not right-click on their page to save it... |
* The [https://cats.cacert.org/education_2010.crt Education Client Certificate] I should use to encrypt my request for an official "paper" certificate (to have passed the test, not a digital certificate!)<br>I copied the link here as I could not right-click on their page to save it... |
||
| − | * I tried to get the client certificate out of Firefox/Iceweasel as it repeatedly told me "Failed to create the PKCS #12 backup file for unknown reasons"<br>The bug is now identified and about to be solved: [http://bugs.debian.org/469079 #469079]: remove libnss3 and keep only libnss3-1d |
+ | * I tried to get the client certificate out of Firefox/Iceweasel as it repeatedly told me "Failed to create the PKCS #12 backup file for unknown reasons"<br>The bug is now identified and about to be solved: [http://bugs.debian.org/469079 #469079]: remove libnss3 and keep only libnss3-1d<br>To convert it to PEM (here example without pwd for the key!) |
| + | openssl pkcs12 -in mycert.p12 -nocerts -nodes -out mycert.key.pem |
||
| − | |||
| + | openssl pkcs12 -in mycert.p12 -clcerts -nokeys -out mycert.crt.pem |
||
| + | openssl pkcs12 -in mycert.p12 -cacerts -nokeys -out mycert.ca.pem |
||
* For server certificates: if using a Class 3 certificate as proposed you'll need the certificate chain file. This is just the Class 3 root certificate and the Class 1 root certificate in PEM format concatenated. Do it yourself or download it from the [http://wiki.cacert.org/wiki/SimpleApacheCert?action=AttachFile&do=get&target=CAcert_chain.pem attachments]. Store the certificate chain file in the ssl.crt directory and let's call it CAcert_chain.pem for future reference.<br>Now all that remains to be done is to correctly configure Apache's mod_ssl. To use the certificate set the following directives in your SSL-configuration: |
* For server certificates: if using a Class 3 certificate as proposed you'll need the certificate chain file. This is just the Class 3 root certificate and the Class 1 root certificate in PEM format concatenated. Do it yourself or download it from the [http://wiki.cacert.org/wiki/SimpleApacheCert?action=AttachFile&do=get&target=CAcert_chain.pem attachments]. Store the certificate chain file in the ssl.crt directory and let's call it CAcert_chain.pem for future reference.<br>Now all that remains to be done is to correctly configure Apache's mod_ssl. To use the certificate set the following directives in your SSL-configuration: |
||
SSLCertificateFile <Path to your certificate file>/example_cert.pem |
SSLCertificateFile <Path to your certificate file>/example_cert.pem |
||
Revision as of 14:40, 18 May 2008
Assurer
http://www.pengdows.com/images/cacert-wotseal73.gif
I'm CAcert assurer, able to attribute you up to 10 points
- I've currently 107 points
- I passed the CATS Challenge with 100% (it requires 80%, I did 84% then 84% then 88% then 100% and got bored ;-) )
Misc infos
- What can CAcert provide to you, to increase your privacy and security for free?
- The Education Client Certificate I should use to encrypt my request for an official "paper" certificate (to have passed the test, not a digital certificate!)
I copied the link here as I could not right-click on their page to save it... - I tried to get the client certificate out of Firefox/Iceweasel as it repeatedly told me "Failed to create the PKCS #12 backup file for unknown reasons"
The bug is now identified and about to be solved: #469079: remove libnss3 and keep only libnss3-1d
To convert it to PEM (here example without pwd for the key!)
openssl pkcs12 -in mycert.p12 -nocerts -nodes -out mycert.key.pem openssl pkcs12 -in mycert.p12 -clcerts -nokeys -out mycert.crt.pem openssl pkcs12 -in mycert.p12 -cacerts -nokeys -out mycert.ca.pem
- For server certificates: if using a Class 3 certificate as proposed you'll need the certificate chain file. This is just the Class 3 root certificate and the Class 1 root certificate in PEM format concatenated. Do it yourself or download it from the attachments. Store the certificate chain file in the ssl.crt directory and let's call it CAcert_chain.pem for future reference.
Now all that remains to be done is to correctly configure Apache's mod_ssl. To use the certificate set the following directives in your SSL-configuration:
SSLCertificateFile <Path to your certificate file>/example_cert.pem SSLCertificateKeyFile <Path to your key file>/example_key.pem SSLCertificateChainFile <Path to your chain file>/CAcert_chain.pem