[TriLUG] CACert Preparation

Brian McCullough bdmc at bdmcc-us.com
Wed Feb 11 15:05:40 EST 2009 

Allan and I had a conversation regarding tomorrow's meeting, and he
asked me to pass it on to the group.

Brian


----- Forwarded message from Brian McCullough <bdmc at bdmcc-us.com> -----


On Fri, Feb 06, 2009 at 02:27:45PM -0500, Alan Porter wrote:
> > You might also want to suggest to people that...
> 
> This sounds like a great suggestion, except I don't know what
> you're talking about.  I read just enough into it to know that
> I can create certificates for me web sites.

You can read all about it at: http://www.cacert.org/index.php?id=19
 the "Point System" page. ( Home->About CACert->Point System )


> If I understand you correctly, people like me who already have
> 150 points might do the group a favor by acting as an assurer
> for others.

Very true.  In fact, in a Lab setting, as we originally discussed, we
would get people to assure each other for practice.

Of course, CACert is moving toward a system where just having the points
does not yet qualify you, but we are in transition right now. ( It would
be best if you could pass the exam as well, of course. )

I just re-read the wording of things, and the transition has passed. The
exam ( introduction ) can be found at:
http://wiki.cacert.org/wiki/AssurerChallenge

It can be taken multiple times, until you have passed it, are happy with
your score, or both.


> And it also sounds like people can do themselves a favor by
> bringing a bunch of blank or partially-filled-in CAP forms in
> order to get enough points to have their name added to any
> certificates that they create.

Also true.  When the user prints a CAP form from their account, it has
certain fields pre-printed, and all that is needed is for the Assurer to
sign and date it.  The Assurer then goes into his own account and
records the assurances, using those forms.  In an event such as
Thursday, those take place at separate times ( I will take all the forms
home and do them as a batch job ).


> Have I got that correct?  Or did I munge it up?

All correct.  I have just filled in some details.


============


To those coming to Thursday's meeting, who are interested in creating
certificates for use in E-Mail or Servers.

After joining CACert, today, you can create e-mail certificates that
only have your e-mail address in them, very similar to the Thawte Free
Email Certificate.  This only requires that you answer a "ping" e-mail
message from the server.  You can also receive "anonymous" server
certificates, that also only have the domain name.  Both of these
certificates need to be renewed every six months.

On Thursday, there will be several qualified Assurers in attendence who
can help you move on to the next steps.

If you want your name and certain other information added to your e-mail
certificate, you will need 50 points from more than one Assurer.  No 
assurer, except under extraordinary circumstances, can offer more than 
35 points, many of them can't offer that many, so you will need to have 
multiple CAP forms and meet multiple Assurers to get your Named E-Mail 
certificate.  These certificates, and "assured server certificates," are
valid for 24 months.

All of this information, and more, is shown on the Point System page in
the CACert.org web site at: https://www.cacert.org/index.php?id=19  That
page can also be reached by navigating from Home -> About CACert.org ->
Point System.


If you want to become an Assurer, you will need to accumulate at least
100 points and pass the Assurer Challenge Examination ( on-line ).



A note for people interested in server certificates.  CACert has a
procedure to allow you to generate a "wildcard" server certificate.
This allows you to use one certificate for multple servers, such as an
Apache 2 server with multiple Named Virtual Hosts.


=======================



Brian 


----- End forwarded message -----

More information about the TriLUG mailing list