There are multiple places to get your own certificate, but this short tutorial describes how to get one through CAcert.org, a Free (as in beer) community CA.
The screenshots below use Firefox on OS X, but any browser and any operating system will work.
The first thing you will notice when you go to CAcert.org and click “Join” is a browser security warning – this is because CAcert.org is not part of most browsers or operating systems, so you have to explicitly trust it. Go ahead and click through saying you’ll accept the certificate. For the paranoid, the SHA1 fingerprint is D1:14:00:FA:E6:8C:22:CA:A1:8F:70:CA:7A:A6:50:B9:44:6C:F1:14 and the certificate expires on 5/20/10.
Complete the “Application”, and you will receive a confirmation e-mail. You’ll need to click on the link in the e-mail within 24 hours in order to confirm your e-mail address.
Once you’ve gotten the confirmation message, click on “Password Login” on the right, and log in using the e-mail and password you just filled in the application. You’re now logged into the system.
On the right, click “Client Certificates”, then “New”. You’ll be able to select the e-mail address you just registered with. By default, “Enable certificate login with this certificate” is selected, and I suggest you leave it selected, so you can use your shiny new certificate.
After clicking “Next”, you’ll be asked to select the key size. “High Grade” is 2048, and I recommend it unless you have a specific reason to use 1024 (such as a very slow machine). Click on “Create Certificate Request” to start the key generation process. The web page will have your web browser generate the key pair, and then offer you a link to install your new certificate.
You now have a certificate that you can use inside your web browser (and e-mail if you used Safari or IE).
In a future entry, I’ll show you how to get the certificate out of Firefox and use it with other programs.
Each Tuesday, Security Musings features a topic to help educate our readers about security. For more information about Gemini Security Solutions’ security education capabilities, contact us!