[lug] CaCert

Andrew Diederich andrewdied at gmail.com
Mon Aug 27 16:15:04 MDT 2007

On 8/27/07, dio2002 at indra.com <dio2002 at indra.com> wrote:
> > Not quite.  The CACert root certificate is not in all browsers.  Many
> > Linux distro's add it to Firefox and such, but it is not included in
> > Firefox to begin with, there is a process that CACert is going through
> > to get into Mozilla/Firefox.
> so is there any real benefit to cacert versus just signing my own
> certificate?  It looks like the popoup is going to come either way.  If i
> sign my own cert and set the common name to my domain, i imagine the certs
> aren't going to look that different from the user perspective nor will the
> user experience be that much different?

In theory, the user would see that it was signed by a third party,
check out the website, and add CAcert to the trusted list.  Or, they'd
use a linux distro that includes the CAcert root certs.

I've used CAcert server certs internally at a couple companies, and
for S/MIME at one, too.  I could centrally manage certificates that
way.  At this point I wouldn't use it for external uses where I'd run
into non-technical users, or for any sort of payment (stores).

Andrew Diederich

More information about the LUG mailing list