Changes between Initial Version and Version 1 of faq/security/mfpl-certificate-authority


Ignore:
Timestamp:
Mar 11, 2008, 8:25:57 PM (12 years ago)
Author:
Jamie McClelland
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • faq/security/mfpl-certificate-authority

    v1 v1  
     1= Some of your web sites tell me that your security certificate was signed by an unknown entity. What can I do to get to know you? =
     2
     3An SSL certificate is a file installed on our web servers that is designed to prove that the web site your are visiting really is run by May First/People Link. The SSL certificate is used when you visit a site that starts with https instead of http.
     4
     5This step is important because it is possible to type in one of our web addresses into your browser, but be re-directed to another web site that looks like our web site, but isn't. If you enter your username and password, this information can then be stolen.
     6
     7When you visit a site that starts with https, your web browser requests the SSL certificate. Every SSL certificate is signed by a "certificate authority." This signature says: The Certificate Authority called "ABC" (or whatever the name of the Certificate Authority is) assures you that the web site your are visiting really is run by Organization XYZ.
     8
     9Your web browser comes pre-configured to trust certain corporate certificate authorities, like Thawte and Verisign.
     10
     11We pay money to Certificate Authorities (such as Thawte) to have them verify our identity and sign our certificates.
     12
     13We are beginning to take a new track. Rather than paying money to corporation to prove that we are who we say we are, we are instead creating our own Certificate Authority.
     14
     15The catch: You have to install our Certificate Authority in your web browser. You can do that by clicking on the link below.
     16
     17If you are running Firefox, it will take you through the steps of accepting it automatically.
     18
     19If you are running Internet Explorer, download the file. Then:
     20
     21 1. Click Tools -> Internet Options
     22 1. Click Content -> Certificates
     23 1. Click Trusted Root Certificates
     24 1. Click Import
     25
     26If you'd like to confirm that this certificate is the proper certificate (and you have the gpg key for either dkg or Jamie), you can download our respective asc files and run:
     27
     28{{{
     29gpg --verify mfpl.crt.dkg.asc mfpl.crt
     30gpg --verify mfpl.crt.jamie.asc mfpl.crt
     31}}}
     32
     33You should see output like:
     34
     35{{{
     36gpg: Signature made Tue 11 Mar 2008 08:23:00 PM EDT using DSA key ID 76CC057D
     37gpg: Good signature from "Jamie McClelland <jamie@mayfirst.org>"
     38gpg:                 aka "Jamie McClelland <jm@mayfirst.org>"
     39}}}
     40
     41and
     42
     43{{{
     44gpg: Signature made Thu 20 Sep 2007 07:00:40 PM EDT using RSA key ID D21739E9
     45gpg: Good signature from "Daniel Kahn Gillmor <dkg@fifthhorseman.net>"
     46gpg:                 aka "Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>"
     47}}}