[TriLUG] CACert

Brian McCullough bdmc at bdmcc-us.com
Wed Jun 22 12:37:48 EDT 2005


Some of you may remember Jon Carnes mentioning CACert.org several months
( a year? ) ago.

Since then, several changes have taken place, among them the ability to
support the subjectAltName field in server certificates. ( see
http://blog.cacert.org/?p=37 for details )  This field allows you to
have a single certificate for a server that may be known by multiple 
domain names or variations, responding correctly in Firefox and IE, at 
least.  There are still questions about Apache VHosts, though. ( for
example, trilug.org, *.trilug.org, trilug.com, *.trilug.com, trilug.net
and *.trilug.net can all share a single certificate )


On another note, I have fully completed my registration in the CACert
Web of Trust, similar to the PGP and Thawte WoT programs.
Unfortunately, a single member of the WoT cannot provide enough points
to someone to allow them full control over their certificates ( names,
organizations, etc. ).  As well, there is a move afoot ( pushed by
Mozilla and other browser people ) to not allow "unsure" server
certificates.  That is, without the required number of WoT points CACert
will not issue a server certificate at all.  Today, like the Thawte Free
E-Mail certificates, the certificate is issued without a real
CommonName.

Where this is going is that I am looking for more people who would like
to become members of the CACert Web of Trust, so that interested
certificate holders will have the ability to acquire enough points
easily in this area to, shall we say, sign their certificates.  The
process is an easy, face-to-face meeting, using a form available on the
CACert.org site.

If anybody has any further questions, please feel free to ask, either
here or directly.


Brian


P.S. Sorry, Aaron, I tried to keep it down.

B-)
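
An added example, not part of the original post: how a client decides whether a hostname is covered by the dNSName entries in a certificate's subjectAltName, using the name list from the message above. It assumes the common RFC 6125 rule that a wildcard stands for exactly one left-most label; the function names are hypothetical.

```python
# Added illustration: matching hostnames against subjectAltName dNSName entries.
# The SAN list is the one named in the post. Assumed matching rule (RFC 6125
# style): "*" is only honoured as the whole left-most label and covers exactly
# one label, so "*.trilug.org" does not cover "trilug.org" itself.

SAN_DNS_NAMES = [
    "trilug.org", "*.trilug.org",
    "trilug.com", "*.trilug.com",
    "trilug.net", "*.trilug.net",
]


def _labels(name):
    """Lower-case a DNS name, drop one trailing dot, split into labels."""
    name = name.lower()
    if name.endswith("."):
        name = name[:-1]
    return name.split(".")


def name_matches(pattern, hostname):
    """True if a single SAN dNSName entry covers hostname."""
    if "*" in hostname:
        return False  # a wildcard is never a valid name to connect to
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in h:
        return False  # label counts must agree; empty labels are malformed
    if p[0] == "*":
        # require at least two literal labels after the wildcard
        return len(p) >= 3 and "*" not in "".join(p[1:]) and p[1:] == h[1:]
    if "*" in pattern:
        return False  # partial or non-left-most wildcards are rejected here
    return p == h


def cert_covers(hostname, san=SAN_DNS_NAMES):
    """Return the SAN entries that cover hostname (empty list = mismatch)."""
    return [entry for entry in san if name_matches(entry, hostname)]


if __name__ == "__main__":
    # Constructed test hostnames.
    for host in ["trilug.org", "www.trilug.org", "WWW.TriLUG.com",
                 "a.b.trilug.org", "trilug.org.example.com"]:
        print(f"{host:24} -> {cert_covers(host) or 'NO MATCH'}")
```

The bare names are in the list because the wildcard entries alone would leave `trilug.org`, `trilug.com` and `trilug.net` uncovered, and a two-level name such as `a.b.trilug.org` is covered by neither form.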


