Northfield Linux Users' Group - Northfield, Minnesota USA

NORLUG


NORLUG SSL Certificate Authority

What are certificates?

Certificates are used to verify the identity of people or computers. In particular, certificates are needed to establish secure connections. Without certificates, you would be able to ensure that no one else was listening, but you might be talking to the wrong computer altogether! All NORLUG servers and all NORLUG services (IMAPS, SMTP, HTTP) allow or require secure connections. It can sometimes be tricky to coax a particular program to play nice and recognize the NORLUG certificates. This page will help you through the process.

What is a certificate authority?

Certificates are the digital equivalent of a government-issued identification card. Certificates, however, are issued by private corporations called certificate authorities (CAs). NORLUG has chosen not to pay the exorbitant fees charged by commercial CAs. Instead, we generate and sign our own CA and certificates. Unfortunately, you need to do a little work to get your software to recognize NORLUG as a certificate authority. Every CA has a 'root certificate' which identifies a particular organization as a certificate authority. Corporate CAs have their root certificates distributed with most major computer programs and operating systems. For NORLUG, however, you need to manually install the NORLUG root certificate.

How do I install the NORLUG root certificate?

There is no universal way to install a root certificate for certificate authorities. In most web browsers, it is as easy as clicking this link:

<http://norlug.org/norlug_ca.crt>

If you don't know how to install the certificate with/for a particular piece of software, consult the help/manual/instructions for that software.

What happens if I don't install the NORLUG root certificate?

Without the root certificate, you will receive a security warning when you attempt to establish a secure connection. You can usually choose to ignore this warning and accept the server's certificate on a temporary or permanent basis. "That doesn't sound so bad," you might say. In the past, this is exactly what many users have done in order to use secure connections. But there are major problems with this:

  1. If people get in the habit of approving new server certificates every time they get a security warning, it completely defeats the purpose of having certificates in the first place.
  2. NORLUG has many servers and generates many certificates. It is easier for users to install CA Cert as a certificate authority once, rather than approving each NORLUG certificate one at a time.

What are the fingerprints of NORLUG's certificates?

Some programs cannot use certificate authorities to confirm the validity of a certificate. In that case, you may need to manually confirm the fingerprint of the NORLUG certificate:

    norlug.org:
    MD5 Fingerprint=C5:7C:23:03:59:D6:9A:B5:05:DD:D5:F8:8C:D1:CE:3A
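
One way to do the manual comparison described above, as an added example (not NORLUG's code): hash the certificate's DER bytes and compare the result with the published value. It goes slightly beyond the page by also accepting SHA-1 and SHA-256 fingerprints, chosen by length; `SAMPLE_PEM` and the function names are constructed for illustration and are not a NORLUG certificate or tool.

```python
import hashlib
import hmac
import ssl

# Fingerprint published on this page for norlug.org.
PUBLISHED = "MD5 Fingerprint=C5:7C:23:03:59:D6:9A:B5:05:DD:D5:F8:8C:D1:CE:3A"
# Hex-digest length -> hash algorithm, so longer fingerprints are accepted too.
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256"}
# Constructed stand-in, NOT a real certificate: the PEM body decodes to b"abc".
SAMPLE_PEM = b"-----BEGIN CERTIFICATE-----\nYWJj\n-----END CERTIFICATE-----\n"


def to_der(data: bytes) -> bytes:
    """Return DER bytes; accepts a PEM-armoured or a raw DER certificate file."""
    text = data.strip()
    if text.startswith(b"-----BEGIN CERTIFICATE-----"):
        return ssl.PEM_cert_to_DER_cert(text.decode("ascii"))
    return data


def normalize(published: str) -> str:
    """Drop an 'XYZ Fingerprint=' label, colons and spaces; lowercase the hex."""
    cleaned = published.split("=", 1)[-1].replace(":", "").replace(" ", "").lower()
    if len(cleaned) not in ALGO_BY_HEX_LEN or not set(cleaned) <= set("0123456789abcdef"):
        raise ValueError("not an MD5/SHA-1/SHA-256 fingerprint: %r" % published)
    return cleaned


def fingerprint(cert: bytes, algo: str = "md5") -> str:
    """Colon-separated uppercase fingerprint, the form shown on this page."""
    digest = hashlib.new(algo, to_der(cert)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def matches(cert: bytes, published: str) -> bool:
    """True only if the certificate hashes to the published fingerprint."""
    expected = normalize(published)
    actual = hashlib.new(ALGO_BY_HEX_LEN[len(expected)], to_der(cert)).hexdigest()
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    print(fingerprint(SAMPLE_PEM))         # fingerprint of the stand-in
    print(matches(SAMPLE_PEM, PUBLISHED))  # stand-in is not the NORLUG cert
```

To check a certificate saved from a real connection, read the file in binary mode and pass its bytes to `matches` together with the fingerprint line above.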
Site design and code by Chip Cuccio