[Trilug-announce] CAcert meeting -- how to prepare

Alan Porter porter at trilug.org
Wed Feb 4 18:01:00 EST 2009


The February TriLUG meeting is rapidly approaching (next week),
and I wanted to send out a quick note that might help you get
the most out of the talk.

First of all, some background.  What is "CAcert"?

It is a certificate authority, just like Verisign or Thawte or
GoDaddy.  You can generate certificates to use on your web
server or mail server, and they will sign it.

Many people use self-signed certificates on their web servers
and mail servers.  This provides HTTPS/IMAPS (SSL) encryption,
but it is trivial to spoof.  An attacker just sits in between
you and your server, providing you with his own self-signed
certificate.

YOU <---encrypted---> SPOOFER <---encrypted---> WEBSERVER

For this reason, on Firefox 3, you get the screen with the
yellow passport man icon saying "Secure Connection Failed".
And then they make you jump through several hoops before
you can accept the certificate and see the page.  In theory,
you're supposed to verify fingerprints and what-not, but
who does?

If you want to avoid this problem, you can get your certificate
signed by somebody: Verisign, Thawte, GoDaddy, or CAcert.

There are two main differences between these CA's:

   (1) price... CAcert is free, the others are not

   (2) ease-of use... most browsers already know who the
       other guys are, but you have to tell it who CAcert is
       (by downloading their root certificate and importing
       it into your browser).

We'll talk a lot about these points at the meeting.

BUT... if you follow these steps, you will be able to generate
your own certificates, and then have your certs signed by CAcert.

I did it today, and it was very easy.

------------------------------------------------------------------

THE STEPS -- DO THIS BEFORE THE MEETING

0) See the detailed instructions here:

   http://wiki.cacert.org/wiki/FAQ/AssuranceByCAP

   If you have a concern or spot a conflict between those
   instructions and these in this email, contact Cristóbal
   Palmer, cmp at cmpalmer.org

1) SIGN UP with CAcert here:

   https://www.cacert.org/index.php?id=1

2) PRINT out a CAP form. See here:

   http://wiki.cacert.org/wiki/FAQ/AssuranceByCAP
   Click on item #4.

3) BRING two forms appropriate government-issued ID.

   Examples: passport, id-card, driver's license

   The names should match on both.  One must have a photo,
   but both is ideal.

4) COME to the meeting! Enjoy the show! Get assured!



Alan and Cristóbal






More information about the Trilug-announce mailing list