Tuesday, December 13, 2016

CAcert as an open CA (account management)

CAcert has been around for some time now.

https://cacert.org/

I've been playing with them this year and one cool feature has been the client_AUTH_crt for the user interface.

This (client_AUTH) allows quick and simple access to the CertManager interface with no password.

FWIW: The password recovery on the cacert.org website is very bad imho, but outside of that, certificates are easy to craft once you have been approved. The approval process requires a simple DomainValidate and a valid email.



To use client-auth for web interface access, you only need to complete a few tasks. Here are a few screenshots (information is sanitized for my account details).

1: select new under the Client Certificates



2: define a user_friendly_name (this helps you remember what it was for, or which email_address account it belongs to if you manage numerous accounts)




3: select 2k bit key strength


 


Review the certificate details, download the certificate to a safe location, and encrypt it.


NOTE: remember that the client.crt Alt.name is the email address used by your CAcert account.
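
One way to carry out the review-and-encrypt step from a terminal, as an added example that is not part of the original post. The file names `client.key` and `client.crt`, the address `user@example.org`, and the `P12_PASS` variable are assumptions, and a self-signed certificate stands in for the one CAcert issues.

```shell
#!/bin/sh
# Constructed stand-in for the downloaded client certificate: a self-signed
# cert whose subjectAltName carries the account e-mail (needs OpenSSL 1.1.1+).
make_sample_cert() {  # $1=directory  $2=e-mail address
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -keyout "$1/client.key" -out "$1/client.crt" \
        -subj "/CN=CAcert WoT User" \
        -addext "subjectAltName=email:$2" 2>/dev/null
}

# Public key size in bits, taken from the "Public-Key: (N bit)" line.
cert_key_bits() {  # $1=certificate
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# Succeeds only if the key is at least 2048 bits and the certificate
# lists the expected account e-mail address.
check_client_cert() {  # $1=certificate  $2=expected e-mail
    bits=$(cert_key_bits "$1")
    [ "${bits:-0}" -ge 2048 ] ||
        { echo "weak key: ${bits:-unknown} bits" >&2; return 1; }
    openssl x509 -in "$1" -noout -email | grep -Fqx "$2" ||
        { echo "e-mail $2 not in certificate" >&2; return 1; }
}

# Bundle key and certificate into a passphrase-protected PKCS#12 file.
# The passphrase comes from the environment variable P12_PASS so that it
# never appears on a command line.
encrypt_bundle() {  # $1=key  $2=certificate  $3=output .p12
    openssl pkcs12 -export -inkey "$1" -in "$2" -out "$3" \
        -name "cacert-client" -passout env:P12_PASS
}

# Demo on the constructed sample; prints the path of the encrypted bundle.
demo() {
    d=$(mktemp -d) || return 1
    P12_PASS="constructed-demo-passphrase"; export P12_PASS
    make_sample_cert "$d" "user@example.org" &&
        check_client_cert "$d/client.crt" "user@example.org" &&
        encrypt_bundle "$d/client.key" "$d/client.crt" "$d/client.p12" &&
        rm -f "$d/client.key" &&   # keep only the encrypted copy
        echo "$d/client.p12"
}
demo
```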


 


When logging in, you must use certificate_login after importing the certificate into your local certificate manager. I'm using a Mac OS X machine, so it's Keychain Access.
 





And now you can modify and issue certificates for your domains that have been validated previously.



The cert issuance is much longer than Let's Encrypt, which is another free CA. CAcert is great for proofs of concept, demos, labs, development sites, training, or just testing.


https://cacert.org/
https://en.wikipedia.org/wiki/CAcert.org

Be advised that most browsers have issues with certificates issued by cacert.org, so YMMV on how trustworthy cacert.org is as a Certificate_Authority.






kfelix @ socpuppets.com

NSE ( network security expert) and Route/Switching Engineer