| | 1 | = Some of your web sites tell me that your security certificate was signed by an unknown entity. What can I do to get to know you? = |
| | 2 | |
| | 3 | An SSL certificate is a file installed on our web servers that is designed to prove that the web site your are visiting really is run by May First/People Link. The SSL certificate is used when you visit a site that starts with https instead of http. |
| | 4 | |
| | 5 | This step is important because it is possible to type in one of our web addresses into your browser, but be re-directed to another web site that looks like our web site, but isn't. If you enter your username and password, this information can then be stolen. |
| | 6 | |
| | 7 | When you visit a site that starts with https, your web browser requests the SSL certificate. Every SSL certificate is signed by a "certificate authority." This signature says: The Certificate Authority called "ABC" (or whatever the name of the Certificate Authority is) assures you that the web site your are visiting really is run by Organization XYZ. |
| | 8 | |
| | 9 | Your web browser comes pre-configured to trust certain corporate certificate authorities, like Thawte and Verisign. |
| | 10 | |
| | 11 | We pay money to Certificate Authorities (such as Thawte) to have them verify our identity and sign our certificates. |
| | 12 | |
| | 13 | We are beginning to take a new track. Rather than paying money to corporation to prove that we are who we say we are, we are instead creating our own Certificate Authority. |
| | 14 | |
| | 15 | The catch: You have to install our Certificate Authority in your web browser. You can do that by clicking on the link below. |
| | 16 | |
| | 17 | If you are running Firefox, it will take you through the steps of accepting it automatically. |
| | 18 | |
| | 19 | If you are running Internet Explorer, download the file. Then: |
| | 20 | |
| | 21 | 1. Click Tools -> Internet Options |
| | 22 | 1. Click Content -> Certificates |
| | 23 | 1. Click Trusted Root Certificates |
| | 24 | 1. Click Import |
| | 25 | |
| | 26 | If you'd like to confirm that this certificate is the proper certificate (and you have the gpg key for either dkg or Jamie), you can download our respective asc files and run: |
| | 27 | |
| | 28 | {{{ |
| | 29 | gpg --verify mfpl.crt.dkg.asc mfpl.crt |
| | 30 | gpg --verify mfpl.crt.jamie.asc mfpl.crt |
| | 31 | }}} |
| | 32 | |
| | 33 | You should see output like: |
| | 34 | |
| | 35 | {{{ |
| | 36 | gpg: Signature made Tue 11 Mar 2008 08:23:00 PM EDT using DSA key ID 76CC057D |
| | 37 | gpg: Good signature from "Jamie McClelland <jamie@mayfirst.org>" |
| | 38 | gpg: aka "Jamie McClelland <jm@mayfirst.org>" |
| | 39 | }}} |
| | 40 | |
| | 41 | and |
| | 42 | |
| | 43 | {{{ |
| | 44 | gpg: Signature made Thu 20 Sep 2007 07:00:40 PM EDT using RSA key ID D21739E9 |
| | 45 | gpg: Good signature from "Daniel Kahn Gillmor <dkg@fifthhorseman.net>" |
| | 46 | gpg: aka "Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>" |
| | 47 | }}} |
