CAcert

From Openmoko

(Difference between revisions)
Jump to: navigation, search
(Client Support)
m (Category changes: -Openmoko, +Openmoko Inc)
 
(2 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
= CAcert and Openmoko =
 
= CAcert and Openmoko =
  
CACert is utilized and deployed by OpenMoko on multiple systems.
+
CACert is utilized and deployed by Openmoko on multiple systems.
  
 
== Openmoko IT Infrastructure ==
 
== Openmoko IT Infrastructure ==
Line 32: Line 32:
 
** this is a common thread to the whole internet society (http://wiki.cacert.org/wiki/VhostTaskForce)
 
** this is a common thread to the whole internet society (http://wiki.cacert.org/wiki/VhostTaskForce)
 
** we use subjectAltName for multiple FQDNs. checking against this AltName might be broken with some clients.
 
** we use subjectAltName for multiple FQDNs. checking against this AltName might be broken with some clients.
 +
 +
[[Category:Openmoko Inc]]

Latest revision as of 12:29, 7 September 2008

Contents

[edit] CAcert and Openmoko

CACert is utilized and deployed by Openmoko on multiple systems.

[edit] Openmoko IT Infrastructure

On our Infrastructure we deploy CAcert Certificates on all SSL services.

Many systems have a x509 certificate signed by the CAcert class 3 Root Certificate http://www.cacert.org/index.php?id=3

[edit] Client Support

To make full use of CA Cert your client software has to now about the Root Certificate. If this certs are not in place, depending on the client you use there will be a popup telling you about security concerns or in worst case it will fail entirely.

Integrating the Root Certs to your Application is the best way to archive more reliable encryption.

Applications where you might want to import the root certificates are:

  • Webbrowser
  • Mailclients
  • svn (svn over https/DAV)
  • jabber clients
  • system wide
    • some Linux Distributions supoort /etc/ssl/certs
    • on Mac OSX use the Keychain to add Root Certs to X509Anchors

[edit] Common Problems

  • vhost webserver
Personal tools

CAcert and Openmoko

CACert is utilized and deployed by OpenMoko on multiple systems.

Openmoko IT Infrastructure

On our Infrastructure we deploy CAcert Certificates on all SSL services.

Many systems have a x509 certificate signed by the CAcert class 3 Root Certificate http://www.cacert.org/index.php?id=3

Client Support

To make full use of CA Cert your client software has to now about the Root Certificate. If this certs are not in place, depending on the client you use there will be a popup telling you about security concerns or in worst case it will fail entirely.

Integrating the Root Certs to your Application is the best way to archive more reliable encryption.

Applications where you might want to import the root certificates are:

  • Webbrowser
  • Mailclients
  • svn (svn over https/DAV)
  • jabber clients
  • system wide
    • some Linux Distributions supoort /etc/ssl/certs
    • on Mac OSX use the Keychain to add Root Certs to X509Anchors

Common Problems

  • vhost webserver