[lug] CaCert

Jeremy Hinegardner jeremy at hinegardner.org
Mon Aug 27 12:08:59 MDT 2007

On Mon, Aug 27, 2007 at 11:17:41AM -0600, dio2002 at indra.com wrote:
> I recall a meeting awhile back where cacert was mentioned.
> Wondering if this is still available through the group and who, how, and
> what i need to do to get a signed cacert and how long it takes?

You can get a 6 month server cert by just proving you are the authorized
administrator of a domain.  If you want an server cert good for 2 years,
you need to to have 50 assurance points.


I and several others around here are 'assurers' and can give points to
others with a face-to-face meeting and validation that you are who you
say you are.  

> Also, i'm assuming that when one uses a cacert on a site, it will function
> like one that was signed by a known CA like verisign, meaning that most
> browsers will automagically accept the CA and approve it transparently
> without any intervention by the enduser.  Or is an end user going to be
> forced to make a decision based upon a popup dialog box?  Or is the answer
> it depends? ;-)

Not quite.  The CACert root certificate is not in all browsers.  Many
Linux distro's add it to Firefox and such, but it is not included in
Firefox to begin with, there is a process that CACert is going through
to get into Mozilla/Firefox.


Both Microsoft and Apple require a WebTrust audit to be included into
IE and Safari respectively.  A WebTrust audit is expensive, and not
really affordable for a non-profit like CACert.   At least that's what
the wiki says on this matter.

We just purchased some server SSL's for work using RapidSSL.com and our
admin said it was quite painless, and inexpensive. 



 Jeremy Hinegardner                              jeremy at hinegardner.org 

More information about the LUG mailing list