I've been playing with them this year and one cool feature has been the client_AUTH_crt for the user interface.
This ( client_AUTH ) allow for a quick and simple CertManager interface access with no password.
FWIW: The password recovery in the cacert.org website is very bad imho, but outside of that certificates are easy to craft & once you have been approved. The approval process requires a simple DomainValidate and a valid email.
To use client-auth for web interface access , you only need to complete a few tasks. Here's a few screenshots ( information is sanitized for my account details )
1: select new under the Client Certificates
2: define a user_friendly_name ( this helps you remember what it was for or for what email_address account if you manage numerous accounts )
3: select 2k bit key strength
Review the certificate details and download this in a safe area and encrypt it
When logging in you must use certificate_login after importing into your local certificate manager. I 'm using a macosx machine so it's keychain access.
And now you can modify and issues certificate against your domains that have been validate previously
The certs issuance is much longer than Let's Encrypt which is another free CA. The CAcert is great for Proof-Of-Concepts , demos, labs, development sites, for training or just for testing
Be advise that most browsers have issues using certificates issued by cacert.org so YMMV on how trust worthy cacert.org is a Certificate_Authority.
kfelix @ socpuppets.com
NSE ( network security expert) and Route/Switching Engineer
kfelix -----a----t---- socpuppets ---dot---com
=( @ @ )=