CAcert is a certification authority that offers X.509 certificates for users and servers and trusted PGP signatures for free. In order to check the identity, instead of the costly process used by other certification authorities, it uses a trust network.cacert.org
CAcert.org is a social Certification Authority, which issues certificates for the general public for free. The main objective of CAcert’s is to promote awareness and education on computer security through the use of encryption – mainly X.509 family standards.
We have compiled a baseca document, which contains helpful tips on encryption settings in popular software and basic information on Public Key Infrastructures (PKI). For enthusiasts who want to try this, we have an easy way to get certificates that you can use with your email program. You can not only encrypt but also prove to your colleagues and family that your emails really come from you.
For administrators looking for protection for their services, we provide host and wild card certificates that you can issue almost instantly. You can use them not only to protect websites but also to protect POP3, SMTP and IMAP connections. Unlike other certification organizations, we do not limit the power of certificates or the use of wild card certificates. Everyone should have the right to safeguard and protect their privacy, not only those who want to set up ecommerce sites.
If you take encryption very seriously, you can join the CAcert`s Assurance Programme and the Web of Trust. This allows you to verify your person so that you can reap additional benefits, including extended duration of certificates and the ability to include your name on e-mail certificates.
How to become a Controller on the CAcert Confidence Network – “Web of Trust”?
- The first thing you have to do is to register at CAcert.org. The data must be true in order to identify the person.
- Then you have to meet the Controller in person. Write to us choosing the topic “Free certificates”, enter the city from which you are from, and we will try to contact you with the nearest CAcert Controller in your city. You can search for other controllers by being registered on the CAcert website.
- The next step is to fill in a few copies (depending on how many Controllers you want to meet) of the form. The data on the form must ideally agree with those on the website.
- You must carry two identity cards with a photo issued by government authorities, e.g. an identity card, driving licence, etc.
- After verification of your identity you will receive a sufficient number of points from each Controller.
- If the sum of points issued by the Controllers is equal to or greater than 100 you will become the Controller.
What can a CAcert provide you with to increase your privacy and security for free?
Certificates (not authenticated)
- Benefits: You can send signed digitally/encrypted emails, others can send encrypted emails to you.
- Restrictions: The certificate expires after 12 months; only the email address itself can be included in the certificate (with no name).
- Verification required: You must confirm your email by responding to an email sent by us.
- Benefits: Same as above, but you can also add your name to the certificate.
- Restrictions: The certificate expires after 12 months.
- Verification required: The same as above, plus you must receive a minimum of 50 points. You can get it by meeting one or more Web of Trust Assurances who will verify your details by checking two of your government-issued ID cards with a photo.
Certificates signing the code (Code signing certificates)
- Benefits: Sign the code, applets, installers, etc. digitally and include your personal data in the certificates.
- Restrictions: The certificate expires after 12 months and must include your full name.
- Verification required: Same as above, plus you must receive a minimum of 100 points. You can get it by meeting one or more Web of Trust Assurances who will verify your details by checking two of your government-issued ID cards with a photo.
Certificates of Servers (not authenticated)
- Benefits: Run encrypted data transmission for users of websites, e-mail and other SSL-based services on your server. We allow subdomain certificates in *.domain.com style.
- Restrictions: The certificate expires after 6 months; only the domain name itself can be included in the certificate (without name, company name, address, etc.).
- Verification required: You must confirm that you are the owner (or authorized administrator) of the domain by responding to an email sent to the whois database address or RFC-mandatory addresses (hostmaster/postmaster/etc).
Authenticated server certificates
- Benefits: Same as above.
- Restrictions: As above, excluding certificates that expire within 24 months.
- Verification required: Same as above, plus you must receive a minimum of 50 points. You can get these by meeting one or more Web of Trust Assurances who will verify your details by checking two of your identity cards with a photo issued by government bodies.
Become a Controller on the Confidence Network CAcert – ‘Web of Trust’.
- Benefits: Ability to confirm other, new CAcert users, a possibility to contribute to strengthening and expanding the CAcert Confidence Network.
- Restrictions: The number of points you will receive will determine how many points you will be able to award.
- Verification required: Same as above, plus you must receive a minimum of 100 points. You can get these by meeting with one or more Trusted Third Party Assurers who will verify your details by checking two of your identity cards with a photo issued by government bodies; or if it is not possible to meet with a local guarantor, meet with two Trusted Third Party Assurers such as notaries, lawyers, bankers, accountants, so that they can establish the authenticity of your documents.
Become a member of the CAcert Association
- Benefits: You can decide how the CAcert (a non-profit organisation affiliated with Australia) is run.
- Restrictions: none, only the sky is a restriction for the CAcert.
- Verification required: No; Annual membership fee – $10 USD.