Free digital certificates!
CAcert.org is a community driven, Certificate Authority that issues certificates to the public at large for free.
"It's been a long time coming, but the wait was worthwhile, finally you are able to get security at the right price... Free!"
"For years we've all been charged high amounts of money to pay for security that doesn't and shouldn't cost the earth."
CAcert's goal is to promote awareness and education on computer security through the use of encryption, specifically with the X.509 family of standards. We have compiled a document base that has helpful hints and tips on setting up encryption with common software, and general information about Public Key Infrastructures (PKI).
For the enthusiast looking to dip their toe in the water, we have an easy way of obtaining certificates you can use with your email program. You can use these not only to encrypt, but to prove to your friends and family that your email really does come from you...
The primary goals are:
* Inclusion into mainstream browsers! * To provide a trust mechanism to go with the security aspects of encryption.
CACert on CeBit
Dear CAcert user,
after the huge success at the CeBIT 2005, CAcert will be again this year on the CeBIT 2006:
Hall 5, booth E 64/7
We still need:
- places to sleep (in and around Hannover)
- people to help at the booth
If you can help, please read further details on
SSL für Apache 1.3 einrichten
- Zertifikat, Key, CA-Zertifikat(?) usw. kopieren:
# scp ssl.crt/xyz.crt server:/etc/apache/ssl.crt/. # scp ssl.crt/abcCA.crt server:/etc/apache/ssl.crt/. # scp ssl.csr/xyz.csr server:/etc/apache/ssl.csr/. # scp ssl.key/xyz.key server:/etc/apache/ssl.key/.
- in /etc/apache/httpd.conf einfügen:
# Certificate Authority (CA): # Set the CA certificate verification path where to find CA # certificates for client authentication or alternatively one # huge file containing all of them (file must be PEM encoded) # Note: Inside SSLCACertificatePath you need hash symlinks # to point to the certificate files. Use the provided # Makefile to update the hash symlinks after changes. SSLCACertificateFile /etc/apache/ssl.crt/abcCA.crt
- domain auf bestimmte ip+port umstellen.
- bei special-vhost einstellung bei der domain einfügen:
SSLEngine on SSLCertificateFile /etc/httpd/ssl.crt/xyz.crt SSLCertificateKeyFile /etc/httpd/ssl.key/xyz.key SSLCACertificateFile /etc/httpd/ssl.crt/abcCA.crt SSLVerifyClient none <Location /> SSLRequireSSL </Location>
siehe auch: https