Getting your own certificate through CAcert.org

Posted onSeptember 22, 2008 Edit on by Laura Raderman

There are multiple places to get your own certificate, but this short tutorial describes how to get one through CAcert.org, a Free (as in beer) community CA.

The screenshots below use Firefox on OS X, but any browser and any operating system will work.

The first thing you will notice when you go to CAcert.org and click “Join” is a browser security warning – this is because CAcert.org is not part of most browsers or operating systems, so you have to explicitly trust it. Go ahead and click through saying you’ll accept the certificate. For the paranoid, the SHA1 fingerprint is D1:14:00:FA:E6:8C:22:CA:A1:8F:70:CA:7A:A6:50:B9:44:6C:F1:14 and the certificate expires on 5/20/10.

Complete the “Application”, and you will receive a confirmation e-mail. You’ll need to click on the link in the e-mail within 24 hours in order to confirm your e-mail address.

CAcert.org Application
CAcert.org Application

Once you’ve gotten the confirmation message, click on “Password Login” on the right, and log in using the e-mail and password you just filled in the application. You’re now logged into the system.

On the right, click “Client Certificates”, then “New”. You’ll be able to select the e-mail address you just registered with. By default, “Enable certificate login with this certificate” is selected, and I suggest you leave it selected, so you can use your shiny new certificate.

After clicking “Next”, you’ll be asked to select the key size. “High Grade” is 2048, and I recommend it unless you have a specific reason to use 1024 (such as a very slow machine). Click on “Create Certificate Request” to start the key generation process. The web page will have your web browser generate the key pair, and then offer you a link to install your new certificate.

Installed Certificate
Installed Certificate

You now have a certificate that you can use inside your web browser (and e-mail if you used Safari or IE).

In a future entry, I’ll show you how to get the certificate out of Firefox and use it with other programs.

Each Tuesday, Security Musings features a topic to help educate our readers about security.  For more information about Gemini Security Solutions’ security education capabilities, contact us!

2 thoughts on “Getting your own certificate through CAcert.org

  1. Pingback: Security Musings » Blog Archive » Exporting a Certificate from Firefox into OS X Keychain
  2. Gary Albanez says:
    January 17, 2011 at 5:11 pm

    Seems like that you’ve got placed plenty of effort into your post and I require more of these using the web currently. I sincerely bought a kick out of your post. I do not even have a lot to say in response, I solely wished to remark to reply fantastic work.

Comments are closed.