Installing CAcert Certificates

If you do fully trust OpenMandriva, or already know everything about CAcert and certificates, you can follow our fast procedure.

In other case, you should follow this standard procedure (or if you're in hurry, follow the fast procedure go back to the secure later)

Secure Procedure

Here is the secure procedure for installing CAcert root certificates in your browser. Depending on your browser, choose 1 or 2.

  1. Internet Explorer, Chrome for Windows, Safari for Windows:
    • Go to the cacert website: http://www.cacert.org
    • On the right, click: "Root certificate"
    • Download the Windows installer (generally right click > download the link)
    • If you do really care about security, check sha-1 or md5 hashes (how-to here, we'll make a how-to soon)
    • Execute the installer
  2. All other cases:  (ie Firefox for Windows, Opera for Windows, All browsers in Linux, MacOS X, Android, iOS, Cyanogen Mod, Replicant, MIUI...)
    • If you do really care about security
      • download locally the certificates before installing (generally right-click > download the link target, or long press > download in tablet or smartphone);
        • Class 1 aka root certificate (PEM format): root.crt
        • Class 3 aka intermediate certificate (PEM format): class3.crt
      • For each certificate, check sha-1 or md5 hashes (how-to here, we'll make a how-to soon)
    • Install the certificates by left-clicking or tapping the url of the certificates (if asked, check at least "This certificate can authenticate websites").
      • Class 1 aka root certificate (PEM format)
      • Class 3 aka intermediate certificate (PEM format)

And it's done!


Now you can


Learn more

What is a certificate?

On the Internet, a digital certificate is required to verify the identity of persons or computers. These are also known as SSL certificates or identity certificates. We will call only "certificates" . In particular , certificates are a prerequisite for establishing secure connections (the "s" of https://). Without certificates, you could make sure that nobody listens to your call, but you could possibly be talking to another server! SSL / TLS is based on the use of certificate, so that a site can prove it is the one he claims to be and avoid the user to be lured.

What is a certification authority?

Certificates are the digital equivalent of identity cards issued by the government. Certificates, by cons, are issued mostly by private companies called certificate autorities or CA. OpenMandriva.org uses SSL / TLS certificate from CAcert, a certificate authority based on a community. Unfortunately, the CAcert root certificate authority is not included by default in most used browsers (including Firefox).

What happens if I do not install the root certificate?

Without the root certificate , you will receive a security warning when you try to establish a secure connection to a website certified by Cacert (including openmandriva.org). You can usually choose to ignore this warning and accept the server certificate on a temporary or permanent basis. "It does not seem so bad," you say. Formerly, this is exactly what many users have to have secure connections.

Why not take a free or paid SSL/TLS certificate at Doohickey Corporation, included by default in the default browser?

Free (as in free beer) is not the main criterion in choosing Cacert but Free as in Freedom is a very important value to us.

CAcert is a certification authority based on a community (community driven non-profit Certificate Authority), which offers both centralized and decentralized network (trusted network), and which publishes its code under a free license.

OpenMandriva also consider as a due to support OpenSource and community projects. Be supported by default in browsers is a plus, but if we limit ourselves to this criterion, we encourage an oligopoly of trusted authorities, some of which have already demonstrated more than questionable practices.

To be continued...

If you want to improve this page or translate it, please send an email to

@ MEMBER OF PROJECT HONEY POT
Spam Harvester Protection Network
provided by Unspam