CAcert.org
   HOME

TheInfoList



OR:

CAcert.org is a community-driven certificate authority that issues free
X.509 In cryptography, X.509 is an International Telecommunication Union (ITU) standard defining the format of public key certificates. X.509 certificates are used in many Internet protocols, including TLS/SSL, which is the basis for HTTPS, the secure ...
public key certificate In cryptography, a public key certificate, also known as a digital certificate or identity certificate, is an electronic document used to prove the validity of a public key. The certificate includes information about the key, information about the ...
s. CAcert.org heavily relies on automation and therefore issues only Domain-validated certificates (and not
Extended validation An Extended Validation Certificate (EV) is a certificate conforming to X.509 that proves the legal entity of the owner and is signed by a certificate authority key that can issue EV certificates. EV certificates can be used in the same manner as ...
or Organization Validation certificates). These certificates can be used to digitally sign and encrypt
email Electronic mail (email or e-mail) is a method of exchanging messages ("mail") between people using electronic devices. Email was thus conceived as the electronic ( digital) version of, or counterpart to, mail, at a time when "mail" meant ...
,
code In communications and information processing, code is a system of rules to convert information—such as a letter, word, sound, image, or gesture—into another form, sometimes shortened or secret, for communication through a communication ...
, and documents, and to authenticate and authorize user connections to websites via
TLS/SSL Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. The protocol is widely used in applications such as email, instant messaging, and voice over IP, but its use in securi ...
.


CAcert Inc. Association

On 24 July 2003, Duane Groth incorporated CAcert Inc. as a non-profit association registered in
New South Wales ) , nickname = , image_map = New South Wales in Australia.svg , map_caption = Location of New South Wales in AustraliaCoordinates: , subdivision_type = Country , subdivision_name = Australia , established_title = Before federation , es ...
,
Australia Australia, officially the Commonwealth of Australia, is a Sovereign state, sovereign country comprising the mainland of the Australia (continent), Australian continent, the island of Tasmania, and numerous List of islands of Australia, sma ...
. CAcert Inc runs CAcert.org—a community-driven certificate authority. In 2004, the Dutch Internet pioneer
Teus Hagen The twenty-foot equivalent unit (abbreviated TEU or teu) is an inexact unit of cargo capacity, often used for container ships and container ports.Rowlett, 2004. It is based on the volume of a intermodal container, a standard-sized metal box whic ...
became involved. He served as board member and, in 2008, as president.


Certificate Trust status

A disadvantage of CAcert.org is that its root certificates are not included in the most widely deployed certificate stores and it has to be added by its customers. As of 2021, most browsers,
email clients An email client, email reader or, more formally, message user agent (MUA) or mail user agent is a computer program used to access and manage a user's email. A web application which provides message management, composition, and reception functio ...
, and
operating systems An operating system (OS) is system software that manages computer hardware, software resources, and provides common services for computer programs. Time-sharing operating systems schedule tasks for efficient use of the system and may also inc ...
do not automatically trust certificates issued by CAcert. Thus, users receive an "untrusted certificate" warning upon trying to view a website providing
X.509 In cryptography, X.509 is an International Telecommunication Union (ITU) standard defining the format of public key certificates. X.509 certificates are used in many Internet protocols, including TLS/SSL, which is the basis for HTTPS, the secure ...
certificate issued by CAcert, or view emails authenticated with CAcert certificates in
Microsoft Outlook Microsoft Outlook is a personal information manager software system from Microsoft, available as a part of the Microsoft Office and Microsoft 365 software suites. Though primarily an email client, Outlook also includes such functions as Calen ...
, Mozilla Thunderbird, etc. CAcert uses its own certificate on its website.


Web browsers

Discussion for inclusion of CAcert root certificate in Mozilla Application Suite and
Mozilla Firefox Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation. It uses the Gecko rendering engine to display web pages, which implements current and a ...
started in 2004. Mozilla had no CA certificate policy at the time. Eventually, Mozilla developed a policy which required CAcert to improve their management system and conduct audits. In April 2007, CAcert formally withdrew its application for inclusion in the Mozilla root program. At the same time, the
CA/Browser Forum The Certification Authority Browser Forum, also known as the CA/Browser Forum, is a voluntary consortium of certification authorities, vendors of Internet browser and secure email software, operating systems, and other PKI-enabled applications th ...
was established to facilitate communication among browser vendors and Certificate Authorities. Mozilla's advice was incorporated into "Baseline Requirements" used by most major browser vendors. Progress toward meeting Mozilla and "Baseline Requirements" requirements and a new request for inclusion can hardly be expected in the near future.


Operating systems

FreeBSD FreeBSD is a free and open-source Unix-like operating system descended from the Berkeley Software Distribution (BSD), which was based on Research Unix. The first version of FreeBSD was released in 1993. In 2005, FreeBSD was the most popular ...
included CAcert's root certificate but removed it in 2008, following Mozilla's policy. In 2014, CAcert was removed from
Ubuntu Ubuntu ( ) is a Linux distribution based on Debian and composed mostly of free and open-source software. Ubuntu is officially released in three editions: ''Desktop'', ''Server'', and ''Core'' for Internet of things devices and robots. All the ...
,
Debian Debian (), also known as Debian GNU/Linux, is a Linux distribution composed of free and open-source software, developed by the community-supported Debian Project, which was established by Ian Murdock on August 16, 1993. The first version of D ...
, and
OpenBSD OpenBSD is a security-focused, free and open-source, Unix-like operating system based on the Berkeley Software Distribution (BSD). Theo de Raadt created OpenBSD in 1995 by forking NetBSD 1.0. According to the website, the OpenBSD project em ...
root stores. In 2018, CAcert was removed from Arch Linux. As of Feb 2022, the following operating systems or distributions include the CAcert root certificate by default: * Arch Linux *
FreeWRT OpenWrt (from ''open wireless router'') is an open-source project for embedded operating systems based on Linux, primarily used on embedded devices to route network traffic. The main components are Linux, util-linux, musl, and BusyBox. All ...
* Gentoo (app-misc/ca-certificates only when USE flag cacert is set, defaults OFF from version 20161102.3.27.2-r2 ) * GRML *
Knoppix KNOPPIX ( ) is an operating system based on Debian designed to be run directly from a CD / DVD (Live CD) or a USB flash drive (Live USB), one of the first live operating system distributions (just after Yggdrasil Linux). Knoppix was developed b ...
*
Mandriva Linux Mandriva Linux (a fusion of the French distribution Mandrake Linux and the Brazilian distribution Conectiva Linux) is a discontinued Linux distribution developed by Mandriva S.A. Each release lifetime was 18 months for base updates (Linux, syste ...
*
MirOS BSD MirOS BSD (originally called MirBSD) is a free and open source operating system which started as a fork of OpenBSD 3.1 in August 2002. It was intended to maintain the security of OpenBSD with better support for European localisation. Since then ...
* Openfire * Privatix *
Replicant A replicant is a fictional bioengineered humanoid featured in the 1982 film ''Blade Runner'' and the 2017 sequel '' Blade Runner 2049'' which is physically indistinguishable from an adult human and often possesses superhuman strength and intel ...
(Android) As of 2021, the following operating systems or distributions have an optional package with the CAcert root certificate: *
Debian Debian (), also known as Debian GNU/Linux, is a Linux distribution composed of free and open-source software, developed by the community-supported Debian Project, which was established by Ian Murdock on August 16, 1993. The first version of D ...
* openSUSE


Web of trust

To create higher-trust certificates, users can participate in a web of trust system whereby users physically meet and verify each other's identities. CAcert maintains the number of assurance points for each account. Assurance points can be gained through various means, primarily by having one's identity physically verified by users classified as "Assurers". Having more assurance points allows users more privileges such as writing a name in the certificate and longer expiration times on certificates. A user with at least 100 assurance points is a Prospective Assurer, and may—after passing an Assurer ChallengeAssurance Policy
section 2.3.
—verify other users; more assurance points allow the Assurer to assign more assurance points to others. CAcert sponsors
key signing parties In public-key cryptography, a key signing party is an event at which people present their public keys to others in person, who, if they are confident the key actually belongs to the person who claims it, digitally sign the certificate containing ...
, especially at big events such as
CeBIT CeBIT was the largest and most internationally representative computer expo. The trade fair was held each year on the Hanover fairground, the world's largest fairground, in Hanover, Germany. In its day, it was considered a barometer of cur ...
and
FOSDEM Free and Open source Software Developers' European Meeting (FOSDEM) is a non-commercial, volunteer-organized European event centered on free and open-source software development. It is aimed at developers and anyone interested in the free and ...
. As of 2021, CAcert's web of trust has over 380,000 verified users.


Root certificate descriptions

Since October 2005, CAcert offers Class 1 and Class 3 root certificates. Class 3 is a high-security subset of Class 1.


See also

*
Let's Encrypt Let's Encrypt is a non-profit certificate authority run by Internet Security Research Group (ISRG) that provides X.509 certificates for Transport Layer Security (TLS) encryption at no charge. It is the world's largest certificate authority, used ...

CAcert wiki


Further reading

* *


References

{{DEFAULTSORT:Cacert.Org Cryptography organizations Certificate authorities Transport_Layer_Security Information privacy Safety_engineering