SSL and CAcert.org
Saturday, April 19th, 2008Today I spent some time trying to understand SSL certificates and how I could implement SSL on my web sites. Some googling later gave me some interessting tips regarding using CAcert and Apache2.
So, signing up as a user at CAcert, I was able to get my certificates signed by CAcert by simple web clicks. One thing to notice about CAcert is that they are not shipped as an CA in most web browser. This means that if you implement your CAcert signed certificate in your Apache2 web server, and visits your website with Firefox (via HTTPS) you will receive a notification stating that your certificate is not signed by any know authorities. What you will need is to import CAcert.org root certificate to make the browser able to verifi the certificates.
What does CAcert.org have in constrast to other CA’s around the world? Well, its a free service, so you don’t need to pay expensive fees to get your certificates signed. This is the most attractive feature. One downside has already been mentioned here, that the root certificate is not already in most browsers, so one has to import them manually. If you want to provide your webpages through HTTPS, I would absolutely recommend you to have a look at CAcert.org. For tutorials and guides for how to use CAcert.org with Apache, take a look at the http://wiki.cacert.org page.
Some links:
- http://wiki.cacert.org/wiki/SimpleApacheCert
- http://wiki.cacert.org/wiki/CSRGenerator