cacert - a community-driven certification authority - opensistemas
DESCRIPTION
TRANSCRIPT
![Page 1: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/1.jpg)
CACertA Community-driven Certification Authority
Juanjo Amor
29 Abril 2011
Juanjo Amor CACert
![Page 2: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/2.jpg)
(cc) 2011 Juanjo Amor and WikipediaSome rights reserved. This work licensed under Creative CommonsAttribution-ShareAlike License. To view a copy of full license, see
http://creativecommons.org/licenses/by-sa/3.0/ or write toCreative Commons, 559 Nathan Abbott Way, Stanford,
California 94305, USA.
Juanjo Amor CACert
![Page 3: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/3.jpg)
Index
Juanjo Amor CACert
![Page 4: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/4.jpg)
About Opensistemas
Opensistemas is an international company
highly
specialized in offering global IT solutions based
onOpen Source andLinux platforms.
Juanjo Amor CACert
![Page 5: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/5.jpg)
About Opensistemas
Opensistemas is an international company highly
specialized
in offering global IT solutions based
onOpen Source andLinux platforms.
Juanjo Amor CACert
![Page 6: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/6.jpg)
About Opensistemas
Opensistemas is an international company highly
specialized in offering global IT solutions
based
onOpen Source andLinux platforms.
Juanjo Amor CACert
![Page 7: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/7.jpg)
About Opensistemas
Opensistemas is an international company highly
specialized in offering global IT solutions based
onOpen Source andLinux platforms.
Juanjo Amor CACert
![Page 8: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/8.jpg)
About Opensistemas
Our Vision:
To become the international leader in OpenSource Technologies.
Our Mission: Apply our knowledge of the opportunities offeredby Open Source to deliver effective solutions and innovation toour customers while promoting the professional developmentof our employees and building value for shareholders.
Our Values:
Deliver effective solutiosn to our customers.Corporate social responsibility.Commitment to Open Source.Ethics and Respect for individuals.Research and Innovation.Teamwork.Commitment to the development of a society connected byinformation and knowledge.
Juanjo Amor CACert
![Page 9: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/9.jpg)
About Opensistemas
Our Vision: To become the international leader in OpenSource Technologies.
Our Mission: Apply our knowledge of the opportunities offeredby Open Source to deliver effective solutions and innovation toour customers while promoting the professional developmentof our employees and building value for shareholders.
Our Values:
Deliver effective solutiosn to our customers.Corporate social responsibility.Commitment to Open Source.Ethics and Respect for individuals.Research and Innovation.Teamwork.Commitment to the development of a society connected byinformation and knowledge.
Juanjo Amor CACert
![Page 10: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/10.jpg)
About Opensistemas
Our Vision: To become the international leader in OpenSource Technologies.
Our Mission:
Apply our knowledge of the opportunities offeredby Open Source to deliver effective solutions and innovation toour customers while promoting the professional developmentof our employees and building value for shareholders.
Our Values:
Deliver effective solutiosn to our customers.Corporate social responsibility.Commitment to Open Source.Ethics and Respect for individuals.Research and Innovation.Teamwork.Commitment to the development of a society connected byinformation and knowledge.
Juanjo Amor CACert
![Page 11: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/11.jpg)
About Opensistemas
Our Vision: To become the international leader in OpenSource Technologies.
Our Mission: Apply our knowledge of the opportunities offeredby Open Source to deliver effective solutions and innovation toour customers while promoting the professional developmentof our employees and building value for shareholders.
Our Values:
Deliver effective solutiosn to our customers.Corporate social responsibility.Commitment to Open Source.Ethics and Respect for individuals.Research and Innovation.Teamwork.Commitment to the development of a society connected byinformation and knowledge.
Juanjo Amor CACert
![Page 12: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/12.jpg)
About Opensistemas
Our Vision: To become the international leader in OpenSource Technologies.
Our Mission: Apply our knowledge of the opportunities offeredby Open Source to deliver effective solutions and innovation toour customers while promoting the professional developmentof our employees and building value for shareholders.
Our Values:
Deliver effective solutiosn to our customers.Corporate social responsibility.Commitment to Open Source.Ethics and Respect for individuals.Research and Innovation.Teamwork.Commitment to the development of a society connected byinformation and knowledge.
Juanjo Amor CACert
![Page 13: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/13.jpg)
About Opensistemas
Our Vision: To become the international leader in OpenSource Technologies.
Our Mission: Apply our knowledge of the opportunities offeredby Open Source to deliver effective solutions and innovation toour customers while promoting the professional developmentof our employees and building value for shareholders.
Our Values:
Deliver effective solutiosn to our customers.Corporate social responsibility.Commitment to Open Source.Ethics and Respect for individuals.Research and Innovation.Teamwork.Commitment to the development of a society connected byinformation and knowledge.
Juanjo Amor CACert
![Page 14: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/14.jpg)
About Opensistemas
Our Markets
Juanjo Amor CACert
![Page 15: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/15.jpg)
About Opensistemas
Our Partners
Juanjo Amor CACert
![Page 16: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/16.jpg)
About Opensistemas
Opensistemas is present in nine locations over five countries: Spain
(Madrid, Valencia, Barcelona, Sevilla, Zaragoza), Chile (Santiago),
Colombia (Bogota), United Kingdom (London) and China (Shanghai).
Juanjo Amor CACert
![Page 17: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/17.jpg)
About Opensistemas
Contact Informationwww.opensistemas.com
+34 902 107 396
Juanjo Amor CACert
![Page 18: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/18.jpg)
Index
Juanjo Amor CACert
![Page 19: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/19.jpg)
PKI concepts
PKI meaning...
PKI = Public Key Infrastructure
a set of hardware, software, people, policies, and proceduresneeded to create, manage, distribute, use, store, and revokedigital certificates
PKI components...
CA = Certification Authority
RA = Registration Authority
VA = Validation Authority
Public keys (person, server and authority certificates)
Policies and procedures
Juanjo Amor CACert
![Page 20: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/20.jpg)
PKI concepts
PKI meaning...
PKI = Public Key Infrastructure
a set of hardware, software, people, policies, and proceduresneeded to create, manage, distribute, use, store, and revokedigital certificates
PKI components...
CA = Certification Authority
RA = Registration Authority
VA = Validation Authority
Public keys (person, server and authority certificates)
Policies and procedures
Juanjo Amor CACert
![Page 21: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/21.jpg)
PKI concepts
PKI meaning...
PKI = Public Key Infrastructure
a set of hardware, software, people, policies, and proceduresneeded to create, manage, distribute, use, store, and revokedigital certificates
PKI components...
CA = Certification Authority
RA = Registration Authority
VA = Validation Authority
Public keys (person, server and authority certificates)
Policies and procedures
Juanjo Amor CACert
![Page 22: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/22.jpg)
PKI concepts
PKI meaning...
PKI = Public Key Infrastructure
a set of hardware, software, people, policies, and proceduresneeded to create, manage, distribute, use, store, and revokedigital certificates
PKI components...
CA = Certification Authority
RA = Registration Authority
VA = Validation Authority
Public keys (person, server and authority certificates)
Policies and procedures
Juanjo Amor CACert
![Page 23: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/23.jpg)
PKI concepts
PKI meaning...
PKI = Public Key Infrastructure
a set of hardware, software, people, policies, and proceduresneeded to create, manage, distribute, use, store, and revokedigital certificates
PKI components...
CA = Certification Authority
RA = Registration Authority
VA = Validation Authority
Public keys (person, server and authority certificates)
Policies and procedures
Juanjo Amor CACert
![Page 24: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/24.jpg)
PKI concepts
PKI meaning...
PKI = Public Key Infrastructure
a set of hardware, software, people, policies, and proceduresneeded to create, manage, distribute, use, store, and revokedigital certificates
PKI components...
CA = Certification Authority
RA = Registration Authority
VA = Validation Authority
Public keys (person, server and authority certificates)
Policies and procedures
Juanjo Amor CACert
![Page 25: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/25.jpg)
PKI concepts
PKI meaning...
PKI = Public Key Infrastructure
a set of hardware, software, people, policies, and proceduresneeded to create, manage, distribute, use, store, and revokedigital certificates
PKI components...
CA = Certification Authority
RA = Registration Authority
VA = Validation Authority
Public keys (person, server and authority certificates)
Policies and procedures
Juanjo Amor CACert
![Page 26: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/26.jpg)
PKI concepts
PKI meaning...
PKI = Public Key Infrastructure
a set of hardware, software, people, policies, and proceduresneeded to create, manage, distribute, use, store, and revokedigital certificates
PKI components...
CA = Certification Authority
RA = Registration Authority
VA = Validation Authority
Public keys (person, server and authority certificates)
Policies and procedures
Juanjo Amor CACert
![Page 27: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/27.jpg)
PKI concepts
PKI meaning...
PKI = Public Key Infrastructure
a set of hardware, software, people, policies, and proceduresneeded to create, manage, distribute, use, store, and revokedigital certificates
PKI components...
CA = Certification Authority
RA = Registration Authority
VA = Validation Authority
Public keys (person, server and authority certificates)
Policies and procedures
Juanjo Amor CACert
![Page 28: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/28.jpg)
PKI
diagram of a public key infrastructure
Juanjo Amor CACert
![Page 29: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/29.jpg)
PKI example 1: Standard CA
Standard CAs such as Thawte, Verisign...
CA: Joins the CA, RA, VA.
Our navigator trusts in signed certificates by that CA
The certificate chain informs browser about VA
Example: Try to get certificate information by using Thawte SSLCa
Juanjo Amor CACert
![Page 30: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/30.jpg)
PKI example 1: Standard CA
Standard CAs such as Thawte, Verisign...
CA: Joins the CA, RA, VA.
Our navigator trusts in signed certificates by that CA
The certificate chain informs browser about VA
Example: Try to get certificate information by using Thawte SSLCa
Juanjo Amor CACert
![Page 31: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/31.jpg)
PKI example 1: Standard CA
Standard CAs such as Thawte, Verisign...
CA: Joins the CA, RA, VA.
Our navigator trusts in signed certificates by that CA
The certificate chain informs browser about VA
Example: Try to get certificate information by using Thawte SSLCa
Juanjo Amor CACert
![Page 32: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/32.jpg)
PKI example 1: Standard CA
Standard CAs such as Thawte, Verisign...
CA: Joins the CA, RA, VA.
Our navigator trusts in signed certificates by that CA
The certificate chain informs browser about VA
Example: Try to get certificate information by using Thawte SSLCa
Juanjo Amor CACert
![Page 33: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/33.jpg)
PKI example 1: Standard CA
Standard CAs such as Thawte, Verisign...
CA: Joins the CA, RA, VA.
Our navigator trusts in signed certificates by that CA
The certificate chain informs browser about VA
Example: Try to get certificate information by using Thawte SSLCa
Juanjo Amor CACert
![Page 34: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/34.jpg)
PKI example 2: The FNMT CA
Spanish FNMT CA
CA: Joins CA and VA.
RA: Delegated to other institutions such as AEAT, citycouncils...
CA certificate is not directly recognized by standard browsersso we should import CA certificates into it.
This is one of first certificates acknowledged for legallyidentifying people or enterprises in Spain.
Example: Import FNMT certificate and then get its information.
Juanjo Amor CACert
![Page 35: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/35.jpg)
PKI example 2: The FNMT CA
Spanish FNMT CA
CA: Joins CA and VA.
RA: Delegated to other institutions such as AEAT, citycouncils...
CA certificate is not directly recognized by standard browsersso we should import CA certificates into it.
This is one of first certificates acknowledged for legallyidentifying people or enterprises in Spain.
Example: Import FNMT certificate and then get its information.
Juanjo Amor CACert
![Page 36: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/36.jpg)
PKI example 2: The FNMT CA
Spanish FNMT CA
CA: Joins CA and VA.
RA: Delegated to other institutions such as AEAT, citycouncils...
CA certificate is not directly recognized by standard browsersso we should import CA certificates into it.
This is one of first certificates acknowledged for legallyidentifying people or enterprises in Spain.
Example: Import FNMT certificate and then get its information.
Juanjo Amor CACert
![Page 37: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/37.jpg)
PKI example 2: The FNMT CA
Spanish FNMT CA
CA: Joins CA and VA.
RA: Delegated to other institutions such as AEAT, citycouncils...
CA certificate is not directly recognized by standard browsers
so we should import CA certificates into it.
This is one of first certificates acknowledged for legallyidentifying people or enterprises in Spain.
Example: Import FNMT certificate and then get its information.
Juanjo Amor CACert
![Page 38: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/38.jpg)
PKI example 2: The FNMT CA
Spanish FNMT CA
CA: Joins CA and VA.
RA: Delegated to other institutions such as AEAT, citycouncils...
CA certificate is not directly recognized by standard browsersso we should import CA certificates into it.
This is one of first certificates acknowledged for legallyidentifying people or enterprises in Spain.
Example: Import FNMT certificate and then get its information.
Juanjo Amor CACert
![Page 39: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/39.jpg)
PKI example 2: The FNMT CA
Spanish FNMT CA
CA: Joins CA and VA.
RA: Delegated to other institutions such as AEAT, citycouncils...
CA certificate is not directly recognized by standard browsersso we should import CA certificates into it.
This is one of first certificates acknowledged for legallyidentifying people or enterprises in Spain.
Example: Import FNMT certificate and then get its information.
Juanjo Amor CACert
![Page 40: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/40.jpg)
PKI example 2: The FNMT CA
Spanish FNMT CA
CA: Joins CA and VA.
RA: Delegated to other institutions such as AEAT, citycouncils...
CA certificate is not directly recognized by standard browsersso we should import CA certificates into it.
This is one of first certificates acknowledged for legallyidentifying people or enterprises in Spain.
Example: Import FNMT certificate and then get its information.
Juanjo Amor CACert
![Page 41: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/41.jpg)
PKI example 3: The DGP CA
Spanish DGP (Police) CA
CA: At DGP headquarters
RA: At DGP DNIe offices
VA: Delegated to third parties (FNMT, for example)
This is the CA for spanish electronic ID (DNIe). Alsoacknowledged for legally identifying people.
Example: Import DGP certificate and then get its information.
Juanjo Amor CACert
![Page 42: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/42.jpg)
PKI example 3: The DGP CA
Spanish DGP (Police) CA
CA: At DGP headquarters
RA: At DGP DNIe offices
VA: Delegated to third parties (FNMT, for example)
This is the CA for spanish electronic ID (DNIe). Alsoacknowledged for legally identifying people.
Example: Import DGP certificate and then get its information.
Juanjo Amor CACert
![Page 43: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/43.jpg)
PKI example 3: The DGP CA
Spanish DGP (Police) CA
CA: At DGP headquarters
RA: At DGP DNIe offices
VA: Delegated to third parties (FNMT, for example)
This is the CA for spanish electronic ID (DNIe). Alsoacknowledged for legally identifying people.
Example: Import DGP certificate and then get its information.
Juanjo Amor CACert
![Page 44: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/44.jpg)
PKI example 3: The DGP CA
Spanish DGP (Police) CA
CA: At DGP headquarters
RA: At DGP DNIe offices
VA: Delegated to third parties (FNMT, for example)
This is the CA for spanish electronic ID (DNIe). Alsoacknowledged for legally identifying people.
Example: Import DGP certificate and then get its information.
Juanjo Amor CACert
![Page 45: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/45.jpg)
PKI example 3: The DGP CA
Spanish DGP (Police) CA
CA: At DGP headquarters
RA: At DGP DNIe offices
VA: Delegated to third parties (FNMT, for example)
This is the CA for spanish electronic ID (DNIe). Alsoacknowledged for legally identifying people.
Example: Import DGP certificate and then get its information.
Juanjo Amor CACert
![Page 46: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/46.jpg)
PKI example 3: The DGP CA
Spanish DGP (Police) CA
CA: At DGP headquarters
RA: At DGP DNIe offices
VA: Delegated to third parties (FNMT, for example)
This is the CA for spanish electronic ID (DNIe). Alsoacknowledged for legally identifying people.
Example: Import DGP certificate and then get its information.
Juanjo Amor CACert
![Page 47: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/47.jpg)
Web of Trust
Web of trust
Concept created by PGP creator.
Instead of having a “central” CA, we can build a trustnetwork of signed public keys.
If A signs B, and C trust A, then C could trust B.
CACert uses a variant of trust network...
Juanjo Amor CACert
![Page 48: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/48.jpg)
Web of Trust
Web of trust
Concept created by PGP creator.
Instead of having a “central” CA, we can build a trustnetwork of signed public keys.
If A signs B, and C trust A, then C could trust B.
CACert uses a variant of trust network...
Juanjo Amor CACert
![Page 49: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/49.jpg)
Web of Trust
Web of trust
Concept created by PGP creator.
Instead of having a “central” CA, we can build a trustnetwork of signed public keys.
If A signs B, and C trust A, then C could trust B.
CACert uses a variant of trust network...
Juanjo Amor CACert
![Page 50: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/50.jpg)
Web of Trust
Web of trust
Concept created by PGP creator.
Instead of having a “central” CA, we can build a trustnetwork of signed public keys.
If A signs B, and C trust A, then C could trust B.
CACert uses a variant of trust network...
Juanjo Amor CACert
![Page 51: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/51.jpg)
Web of Trust
Web of trust
Concept created by PGP creator.
Instead of having a “central” CA, we can build a trustnetwork of signed public keys.
If A signs B, and C trust A, then C could trust B.
CACert uses a variant of trust network...
Juanjo Amor CACert
![Page 52: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/52.jpg)
Index
Juanjo Amor CACert
![Page 53: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/53.jpg)
CACert PKI
What is CACERT?
A community-driven certificate authority.
CACERT issues public key certificates to public (server,people) freely.
Robot CA: Certificates are automatically signed. Thesecertificates are considered weak because CAcert does not emitany information in the certificates other than the domainname or email address (the CommonName field in X.509certificates).
Web of trust: Meetings, Assurance points, ProspectiveAssurers and Assures.
Assured users can get, for example, email certificates with acomplete CommonName field.
Juanjo Amor CACert
![Page 54: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/54.jpg)
CACert PKI
What is CACERT?
A community-driven certificate authority.
CACERT issues public key certificates to public (server,people) freely.
Robot CA: Certificates are automatically signed. Thesecertificates are considered weak because CAcert does not emitany information in the certificates other than the domainname or email address (the CommonName field in X.509certificates).
Web of trust: Meetings, Assurance points, ProspectiveAssurers and Assures.
Assured users can get, for example, email certificates with acomplete CommonName field.
Juanjo Amor CACert
![Page 55: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/55.jpg)
CACert PKI
What is CACERT?
A community-driven certificate authority.
CACERT issues public key certificates to public (server,people) freely.
Robot CA: Certificates are automatically signed. Thesecertificates are considered weak because CAcert does not emitany information in the certificates other than the domainname or email address (the CommonName field in X.509certificates).
Web of trust: Meetings, Assurance points, ProspectiveAssurers and Assures.
Assured users can get, for example, email certificates with acomplete CommonName field.
Juanjo Amor CACert
![Page 56: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/56.jpg)
CACert PKI
What is CACERT?
A community-driven certificate authority.
CACERT issues public key certificates to public (server,people) freely.
Robot CA:
Certificates are automatically signed. Thesecertificates are considered weak because CAcert does not emitany information in the certificates other than the domainname or email address (the CommonName field in X.509certificates).
Web of trust: Meetings, Assurance points, ProspectiveAssurers and Assures.
Assured users can get, for example, email certificates with acomplete CommonName field.
Juanjo Amor CACert
![Page 57: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/57.jpg)
CACert PKI
What is CACERT?
A community-driven certificate authority.
CACERT issues public key certificates to public (server,people) freely.
Robot CA: Certificates are automatically signed.
Thesecertificates are considered weak because CAcert does not emitany information in the certificates other than the domainname or email address (the CommonName field in X.509certificates).
Web of trust: Meetings, Assurance points, ProspectiveAssurers and Assures.
Assured users can get, for example, email certificates with acomplete CommonName field.
Juanjo Amor CACert
![Page 58: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/58.jpg)
CACert PKI
What is CACERT?
A community-driven certificate authority.
CACERT issues public key certificates to public (server,people) freely.
Robot CA: Certificates are automatically signed. Thesecertificates are considered weak because CAcert does not emitany information in the certificates other than the domainname or email address (the CommonName field in X.509certificates).
Web of trust: Meetings, Assurance points, ProspectiveAssurers and Assures.
Assured users can get, for example, email certificates with acomplete CommonName field.
Juanjo Amor CACert
![Page 59: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/59.jpg)
CACert PKI
What is CACERT?
A community-driven certificate authority.
CACERT issues public key certificates to public (server,people) freely.
Robot CA: Certificates are automatically signed. Thesecertificates are considered weak because CAcert does not emitany information in the certificates other than the domainname or email address (the CommonName field in X.509certificates).
Web of trust:
Meetings, Assurance points, ProspectiveAssurers and Assures.
Assured users can get, for example, email certificates with acomplete CommonName field.
Juanjo Amor CACert
![Page 60: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/60.jpg)
CACert PKI
What is CACERT?
A community-driven certificate authority.
CACERT issues public key certificates to public (server,people) freely.
Robot CA: Certificates are automatically signed. Thesecertificates are considered weak because CAcert does not emitany information in the certificates other than the domainname or email address (the CommonName field in X.509certificates).
Web of trust: Meetings, Assurance points, ProspectiveAssurers and Assures.
Assured users can get, for example, email certificates with acomplete CommonName field.
Juanjo Amor CACert
![Page 61: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/61.jpg)
CACert PKI
What is CACERT?
A community-driven certificate authority.
CACERT issues public key certificates to public (server,people) freely.
Robot CA: Certificates are automatically signed. Thesecertificates are considered weak because CAcert does not emitany information in the certificates other than the domainname or email address (the CommonName field in X.509certificates).
Web of trust: Meetings, Assurance points, ProspectiveAssurers and Assures.
Assured users can get, for example, email certificates with acomplete CommonName field.
Juanjo Amor CACert
![Page 62: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/62.jpg)
CACert inclusion status
Can we use CACert server certificates with some browser?
Yes, we can import CA certificate and go. . .
Yes, my Linux distro (Debian, etc) includes CA certificate inca-certificates package.
No, my browser does not recognize the certificates and Icannot trust to a strange CA.crt file! (Like a self-signedcertificate)
Although Mozilla started a process to include the certificate,an audit suspended the process, because CACert needed toimprove their management system.
Juanjo Amor CACert
![Page 63: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/63.jpg)
CACert inclusion status
Can we use CACert server certificates with some browser?
Yes, we can import CA certificate and go. . .
Yes, my Linux distro (Debian, etc) includes CA certificate inca-certificates package.
No, my browser does not recognize the certificates and Icannot trust to a strange CA.crt file! (Like a self-signedcertificate)
Although Mozilla started a process to include the certificate,an audit suspended the process, because CACert needed toimprove their management system.
Juanjo Amor CACert
![Page 64: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/64.jpg)
CACert inclusion status
Can we use CACert server certificates with some browser?
Yes, we can import CA certificate and go. . .
Yes, my Linux distro (Debian, etc) includes CA certificate inca-certificates package.
No, my browser does not recognize the certificates and Icannot trust to a strange CA.crt file! (Like a self-signedcertificate)
Although Mozilla started a process to include the certificate,an audit suspended the process, because CACert needed toimprove their management system.
Juanjo Amor CACert
![Page 65: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/65.jpg)
CACert inclusion status
Can we use CACert server certificates with some browser?
Yes, we can import CA certificate and go. . .
Yes, my Linux distro (Debian, etc) includes CA certificate inca-certificates package.
No, my browser does not recognize the certificates and Icannot trust to a strange CA.crt file! (Like a self-signedcertificate)
Although Mozilla started a process to include the certificate,an audit suspended the process, because CACert needed toimprove their management system.
Juanjo Amor CACert
![Page 66: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/66.jpg)
CACert inclusion status
Can we use CACert server certificates with some browser?
Yes, we can import CA certificate and go. . .
Yes, my Linux distro (Debian, etc) includes CA certificate inca-certificates package.
No, my browser does not recognize the certificates and Icannot trust to a strange CA.crt file! (Like a self-signedcertificate)
Although Mozilla started a process to include the certificate,an audit suspended the process, because CACert needed toimprove their management system.
Juanjo Amor CACert
![Page 67: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/67.jpg)
CACert web of trust
When you create a new CACert account:
Only your email can be verified
By meeting other CACert assurers you can get some points:
for including your real name to your account,
to generate better certificates, and finally,
to be also a CACert assurer.
Juanjo Amor CACert
![Page 68: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/68.jpg)
CACert web of trust
When you create a new CACert account:
Only your email can be verified
By meeting other CACert assurers you can get some points:
for including your real name to your account,
to generate better certificates, and finally,
to be also a CACert assurer.
Juanjo Amor CACert
![Page 69: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/69.jpg)
CACert web of trust
When you create a new CACert account:
Only your email can be verified
By meeting other CACert assurers you can get some points:
for including your real name to your account,
to generate better certificates, and finally,
to be also a CACert assurer.
Juanjo Amor CACert
![Page 70: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/70.jpg)
CACert web of trust
When you create a new CACert account:
Only your email can be verified
By meeting other CACert assurers you can get some points:
for including your real name to your account,
to generate better certificates, and finally,
to be also a CACert assurer.
Juanjo Amor CACert
![Page 71: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/71.jpg)
CACert web of trust
When you create a new CACert account:
Only your email can be verified
By meeting other CACert assurers you can get some points:
for including your real name to your account,
to generate better certificates, and finally,
to be also a CACert assurer.
Juanjo Amor CACert
![Page 72: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/72.jpg)
CACert web of trust
When you create a new CACert account:
Only your email can be verified
By meeting other CACert assurers you can get some points:
for including your real name to your account,
to generate better certificates, and finally,
to be also a CACert assurer.
Juanjo Amor CACert
![Page 73: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/73.jpg)
CACert web of trust
Some rules:
An assurer can issue you upto 35 points.
You need at least 50 points to have your full name assured. . . so you need to be assured by, at least, two existing assurers
With 100 points you can also be an assurer
. . . but you also need to pass an “assurer challenge”
More rules: When you are promoted to assurer:
Initially, you can issue 10 points to other people, and get 2experience points when you assure somebody
After you got 10 experience points, then you can issue 15points to others . . .
When you got 50 experience points, then you can issue toothers the maximum per session: 35 points
But in any case, you can, if you want, to issue less points thanyour maximum
Juanjo Amor CACert
![Page 74: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/74.jpg)
CACert web of trust
Some rules:
An assurer can issue you upto 35 points.
You need at least 50 points to have your full name assured. . . so you need to be assured by, at least, two existing assurers
With 100 points you can also be an assurer
. . . but you also need to pass an “assurer challenge”
More rules: When you are promoted to assurer:
Initially, you can issue 10 points to other people, and get 2experience points when you assure somebody
After you got 10 experience points, then you can issue 15points to others . . .
When you got 50 experience points, then you can issue toothers the maximum per session: 35 points
But in any case, you can, if you want, to issue less points thanyour maximum
Juanjo Amor CACert
![Page 75: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/75.jpg)
CACert web of trust
Some rules:
An assurer can issue you upto 35 points.
You need at least 50 points to have your full name assured. . .
so you need to be assured by, at least, two existing assurers
With 100 points you can also be an assurer
. . . but you also need to pass an “assurer challenge”
More rules: When you are promoted to assurer:
Initially, you can issue 10 points to other people, and get 2experience points when you assure somebody
After you got 10 experience points, then you can issue 15points to others . . .
When you got 50 experience points, then you can issue toothers the maximum per session: 35 points
But in any case, you can, if you want, to issue less points thanyour maximum
Juanjo Amor CACert
![Page 76: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/76.jpg)
CACert web of trust
Some rules:
An assurer can issue you upto 35 points.
You need at least 50 points to have your full name assured. . . so you need to be assured by, at least, two existing assurers
With 100 points you can also be an assurer
. . . but you also need to pass an “assurer challenge”
More rules: When you are promoted to assurer:
Initially, you can issue 10 points to other people, and get 2experience points when you assure somebody
After you got 10 experience points, then you can issue 15points to others . . .
When you got 50 experience points, then you can issue toothers the maximum per session: 35 points
But in any case, you can, if you want, to issue less points thanyour maximum
Juanjo Amor CACert
![Page 77: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/77.jpg)
CACert web of trust
Some rules:
An assurer can issue you upto 35 points.
You need at least 50 points to have your full name assured. . . so you need to be assured by, at least, two existing assurers
With 100 points you can also be an assurer
. . . but you also need to pass an “assurer challenge”
More rules: When you are promoted to assurer:
Initially, you can issue 10 points to other people, and get 2experience points when you assure somebody
After you got 10 experience points, then you can issue 15points to others . . .
When you got 50 experience points, then you can issue toothers the maximum per session: 35 points
But in any case, you can, if you want, to issue less points thanyour maximum
Juanjo Amor CACert
![Page 78: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/78.jpg)
CACert web of trust
Some rules:
An assurer can issue you upto 35 points.
You need at least 50 points to have your full name assured. . . so you need to be assured by, at least, two existing assurers
With 100 points you can also be an assurer
. . . but you also need to pass an “assurer challenge”
More rules: When you are promoted to assurer:
Initially, you can issue 10 points to other people, and get 2experience points when you assure somebody
After you got 10 experience points, then you can issue 15points to others . . .
When you got 50 experience points, then you can issue toothers the maximum per session: 35 points
But in any case, you can, if you want, to issue less points thanyour maximum
Juanjo Amor CACert
![Page 79: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/79.jpg)
CACert web of trust
Some rules:
An assurer can issue you upto 35 points.
You need at least 50 points to have your full name assured. . . so you need to be assured by, at least, two existing assurers
With 100 points you can also be an assurer
. . . but you also need to pass an “assurer challenge”
More rules:
When you are promoted to assurer:
Initially, you can issue 10 points to other people, and get 2experience points when you assure somebody
After you got 10 experience points, then you can issue 15points to others . . .
When you got 50 experience points, then you can issue toothers the maximum per session: 35 points
But in any case, you can, if you want, to issue less points thanyour maximum
Juanjo Amor CACert
![Page 80: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/80.jpg)
CACert web of trust
Some rules:
An assurer can issue you upto 35 points.
You need at least 50 points to have your full name assured. . . so you need to be assured by, at least, two existing assurers
With 100 points you can also be an assurer
. . . but you also need to pass an “assurer challenge”
More rules: When you are promoted to assurer:
Initially, you can issue 10 points to other people, and get 2experience points when you assure somebody
After you got 10 experience points, then you can issue 15points to others . . .
When you got 50 experience points, then you can issue toothers the maximum per session: 35 points
But in any case, you can, if you want, to issue less points thanyour maximum
Juanjo Amor CACert
![Page 81: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/81.jpg)
CACert web of trust
Some rules:
An assurer can issue you upto 35 points.
You need at least 50 points to have your full name assured. . . so you need to be assured by, at least, two existing assurers
With 100 points you can also be an assurer
. . . but you also need to pass an “assurer challenge”
More rules: When you are promoted to assurer:
Initially, you can issue 10 points to other people, and get 2experience points when you assure somebody
After you got 10 experience points, then you can issue 15points to others . . .
When you got 50 experience points, then you can issue toothers the maximum per session: 35 points
But in any case, you can, if you want, to issue less points thanyour maximum
Juanjo Amor CACert
![Page 82: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/82.jpg)
CACert web of trust
Some rules:
An assurer can issue you upto 35 points.
You need at least 50 points to have your full name assured. . . so you need to be assured by, at least, two existing assurers
With 100 points you can also be an assurer
. . . but you also need to pass an “assurer challenge”
More rules: When you are promoted to assurer:
Initially, you can issue 10 points to other people, and get 2experience points when you assure somebody
After you got 10 experience points, then you can issue 15points to others
. . .
When you got 50 experience points, then you can issue toothers the maximum per session: 35 points
But in any case, you can, if you want, to issue less points thanyour maximum
Juanjo Amor CACert
![Page 83: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/83.jpg)
CACert web of trust
Some rules:
An assurer can issue you upto 35 points.
You need at least 50 points to have your full name assured. . . so you need to be assured by, at least, two existing assurers
With 100 points you can also be an assurer
. . . but you also need to pass an “assurer challenge”
More rules: When you are promoted to assurer:
Initially, you can issue 10 points to other people, and get 2experience points when you assure somebody
After you got 10 experience points, then you can issue 15points to others . . .
When you got 50 experience points, then you can issue toothers the maximum per session: 35 points
But in any case, you can, if you want, to issue less points thanyour maximum
Juanjo Amor CACert
![Page 84: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/84.jpg)
CACert web of trust
Some rules:
An assurer can issue you upto 35 points.
You need at least 50 points to have your full name assured. . . so you need to be assured by, at least, two existing assurers
With 100 points you can also be an assurer
. . . but you also need to pass an “assurer challenge”
More rules: When you are promoted to assurer:
Initially, you can issue 10 points to other people, and get 2experience points when you assure somebody
After you got 10 experience points, then you can issue 15points to others . . .
When you got 50 experience points, then you can issue toothers the maximum per session: 35 points
But in any case, you can, if you want, to issue less points thanyour maximum
Juanjo Amor CACert
![Page 85: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/85.jpg)
CACert web of trust
Some rules:
An assurer can issue you upto 35 points.
You need at least 50 points to have your full name assured. . . so you need to be assured by, at least, two existing assurers
With 100 points you can also be an assurer
. . . but you also need to pass an “assurer challenge”
More rules: When you are promoted to assurer:
Initially, you can issue 10 points to other people, and get 2experience points when you assure somebody
After you got 10 experience points, then you can issue 15points to others . . .
When you got 50 experience points, then you can issue toothers the maximum per session: 35 points
But in any case, you can, if you want, to issue less points thanyour maximum
Juanjo Amor CACert
![Page 86: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/86.jpg)
CACert web of trust
Some rules:
An assurer can issue you upto 35 points.
You need at least 50 points to have your full name assured. . . so you need to be assured by, at least, two existing assurers
With 100 points you can also be an assurer
. . . but you also need to pass an “assurer challenge”
More rules: When you are promoted to assurer:
Initially, you can issue 10 points to other people, and get 2experience points when you assure somebody
After you got 10 experience points, then you can issue 15points to others . . .
When you got 50 experience points, then you can issue toothers the maximum per session: 35 points
But in any case, you can, if you want, to issue less points thanyour maximum
Juanjo Amor CACert
![Page 87: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/87.jpg)
CACert client certificates
A client certificate is used to:
Identify yourself to a web site
Email signing
. . .
When you create a CACert account, you can get client certificates:
Only the email is certified (by using email-ping)
With 6 month expiration
When you are assured (50 points) you also get
Name and email certified
24 month expiration
Juanjo Amor CACert
![Page 88: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/88.jpg)
CACert client certificates
A client certificate is used to:
Identify yourself to a web site
Email signing
. . .
When you create a CACert account, you can get client certificates:
Only the email is certified (by using email-ping)
With 6 month expiration
When you are assured (50 points) you also get
Name and email certified
24 month expiration
Juanjo Amor CACert
![Page 89: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/89.jpg)
CACert client certificates
A client certificate is used to:
Identify yourself to a web site
Email signing
. . .
When you create a CACert account, you can get client certificates:
Only the email is certified (by using email-ping)
With 6 month expiration
When you are assured (50 points) you also get
Name and email certified
24 month expiration
Juanjo Amor CACert
![Page 90: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/90.jpg)
CACert client certificates
A client certificate is used to:
Identify yourself to a web site
Email signing
. . .
When you create a CACert account, you can get client certificates:
Only the email is certified (by using email-ping)
With 6 month expiration
When you are assured (50 points) you also get
Name and email certified
24 month expiration
Juanjo Amor CACert
![Page 91: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/91.jpg)
CACert client certificates
A client certificate is used to:
Identify yourself to a web site
Email signing
. . .
When you create a CACert account, you can get client certificates:
Only the email is certified (by using email-ping)
With 6 month expiration
When you are assured (50 points) you also get
Name and email certified
24 month expiration
Juanjo Amor CACert
![Page 92: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/92.jpg)
CACert client certificates
A client certificate is used to:
Identify yourself to a web site
Email signing
. . .
When you create a CACert account, you can get client certificates:
Only the email is certified (by using email-ping)
With 6 month expiration
When you are assured (50 points) you also get
Name and email certified
24 month expiration
Juanjo Amor CACert
![Page 93: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/93.jpg)
CACert client certificates
A client certificate is used to:
Identify yourself to a web site
Email signing
. . .
When you create a CACert account, you can get client certificates:
Only the email is certified (by using email-ping)
With 6 month expiration
When you are assured (50 points) you also get
Name and email certified
24 month expiration
Juanjo Amor CACert
![Page 94: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/94.jpg)
CACert client certificates
A client certificate is used to:
Identify yourself to a web site
Email signing
. . .
When you create a CACert account, you can get client certificates:
Only the email is certified (by using email-ping)
With 6 month expiration
When you are assured (50 points) you also get
Name and email certified
24 month expiration
Juanjo Amor CACert
![Page 95: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/95.jpg)
CACert client certificates
A client certificate is used to:
Identify yourself to a web site
Email signing
. . .
When you create a CACert account, you can get client certificates:
Only the email is certified (by using email-ping)
With 6 month expiration
When you are assured (50 points) you also get
Name and email certified
24 month expiration
Juanjo Amor CACert
![Page 96: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/96.jpg)
CACert client certificates
A client certificate is used to:
Identify yourself to a web site
Email signing
. . .
When you create a CACert account, you can get client certificates:
Only the email is certified (by using email-ping)
With 6 month expiration
When you are assured (50 points) you also get
Name and email certified
24 month expiration
Juanjo Amor CACert
![Page 97: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/97.jpg)
CACert server certificates
A server certificate is used to:
Secure website: identify a server to you
When you create a CACert account, you can get server certificates:
With 6 month expiration
When you are assured (50 points) you also get
24 month expiration
In all cases, you need to be able to ping DNS name by receiven apostmaster email from DNS owner, and only website DNS name isassured, because CACert assurers are not able verify legal owner.
Juanjo Amor CACert
![Page 98: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/98.jpg)
CACert server certificates
A server certificate is used to:
Secure website: identify a server to you
When you create a CACert account, you can get server certificates:
With 6 month expiration
When you are assured (50 points) you also get
24 month expiration
In all cases, you need to be able to ping DNS name by receiven apostmaster email from DNS owner, and only website DNS name isassured, because CACert assurers are not able verify legal owner.
Juanjo Amor CACert
![Page 99: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/99.jpg)
CACert server certificates
A server certificate is used to:
Secure website: identify a server to you
When you create a CACert account, you can get server certificates:
With 6 month expiration
When you are assured (50 points) you also get
24 month expiration
In all cases, you need to be able to ping DNS name by receiven apostmaster email from DNS owner, and only website DNS name isassured, because CACert assurers are not able verify legal owner.
Juanjo Amor CACert
![Page 100: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/100.jpg)
CACert server certificates
A server certificate is used to:
Secure website: identify a server to you
When you create a CACert account, you can get server certificates:
With 6 month expiration
When you are assured (50 points) you also get
24 month expiration
In all cases, you need to be able to ping DNS name by receiven apostmaster email from DNS owner, and only website DNS name isassured, because CACert assurers are not able verify legal owner.
Juanjo Amor CACert
![Page 101: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/101.jpg)
CACert server certificates
A server certificate is used to:
Secure website: identify a server to you
When you create a CACert account, you can get server certificates:
With 6 month expiration
When you are assured (50 points) you also get
24 month expiration
In all cases, you need to be able to ping DNS name by receiven apostmaster email from DNS owner, and only website DNS name isassured, because CACert assurers are not able verify legal owner.
Juanjo Amor CACert
![Page 102: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/102.jpg)
CACert server certificates
A server certificate is used to:
Secure website: identify a server to you
When you create a CACert account, you can get server certificates:
With 6 month expiration
When you are assured (50 points) you also get
24 month expiration
In all cases, you need to be able to ping DNS name by receiven apostmaster email from DNS owner, and only website DNS name isassured, because CACert assurers are not able verify legal owner.
Juanjo Amor CACert
![Page 103: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/103.jpg)
CACert server certificates
A server certificate is used to:
Secure website: identify a server to you
When you create a CACert account, you can get server certificates:
With 6 month expiration
When you are assured (50 points) you also get
24 month expiration
In all cases, you need to be able to ping DNS name by receiven apostmaster email from DNS owner, and only website DNS name isassured, because CACert assurers are not able verify legal owner.
Juanjo Amor CACert
![Page 104: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/104.jpg)
Questions
Questions?
Juanjo Amor CACert
![Page 105: CACert - A Community-driven Certification Authority - OpenSistemas](https://reader033.vdocument.in/reader033/viewer/2022051610/5499e8dfac7959482e8b5959/html5/thumbnails/105.jpg)
Exercises
Final exercises
1 Creating your CACert account.
2 Creating your email certificate, with browser and then withopenssl
3 Creating a web certificate, with openssl and apache
4 Want to be assured?
Juanjo Amor CACert