19 | | If you are running Firefox, it will take you through the steps of accepting it automatically. Click the link that says mfpl.crt below, then scroll down and click "original format" where it says "Download in other formats." If Firefox prompts you to save the file, save it to your hard drive. Then click File -> Open and open the file. Follow the prompts to install it. |
20 | | |
21 | | == Internet Explorer == |
22 | | |
23 | | If you are running Internet Explorer, download and save the file. Then: |
24 | | |
25 | | 1. Click Tools -> Internet Options |
26 | | 1. Click Content -> Certificates |
27 | | 1. Click Trusted Root Certificates |
28 | | 1. Click Import |
29 | | |
30 | | == Verifying the certificate == |
| 20 | = Verifying the certificate = |
54 | | === In Firefox/Iceweasel === |
| 41 | If you are running Firefox, it will take you through the steps of accepting it automatically. Click the link that says mfpl.crt below, then scroll down and click "original format" where it says "Download in other formats." If Firefox prompts you to save the file, save it to your hard drive. Then click File -> Open and open the file. Follow the prompts to install it. |
| 42 | |
| 43 | == Installing in Internet Explorer == |
| 44 | |
| 45 | If you are running Internet Explorer, download and save the file. Then: |
| 46 | |
| 47 | 1. Click Tools -> Internet Options |
| 48 | 1. Click Content -> Certificates |
| 49 | 1. Click Trusted Root Certificates |
| 50 | 1. Click Import |
| 51 | |
| 52 | == installing in debian and debian/derived OSes == |
| 53 | |
| 54 | If you run [http://debian.org/ the debian OS] (or some debian-derived OS like Mint or Ubuntu), and you want to grant this CA authority for many of the standard tools in debian, you can add it by putting the certificate as a file in `/usr/local/share/ca-certificates/` and then running `update-ca-certificates`. you'll need to have superuser privileges to do both of these steps. |
| 55 | |
| 56 | == installing in GnuPG for keyserver connectivity == |
| 57 | |
| 58 | You might be interested in using this certificate authority to verify connections to https://keys.mayfirst.org when fetching key updates. |
| 59 | |
| 60 | To do this, you'll want to save the certificate to some local file (in this example, it's in `/path/to/mfpl.crt` -- you'll need to adjust to match where you stored the file), and you need to make sure that [DebianPackage:gnupg-curl] is installed. |
| 61 | |
| 62 | Add the following lines to `~/.gnupg/gpg.conf`: |
| 63 | {{{ |
| 64 | keyserver hkps://keys.mayfirst.org |
| 65 | keyserver-options ca-cert-file=/path/to/mfpl.crt |
| 66 | }}} |
| 67 | |
| 68 | |
| 69 | = Deleting certificates = |
| 70 | |
| 71 | == In Firefox/Iceweasel == |
| 83 | == In debian or derived OSes == |
| 84 | |
| 85 | As the superuser: |
| 86 | |
| 87 | * remove the file from `/usr/local/share/ca-certificates/` |
| 88 | * run `update-ca-certificates` |
| 89 | |
| 90 | |
| 91 | = History = |
| 92 | |
| 93 | == Certificate updates == |
| 94 | |
| 95 | * 2008-05-24 We generated a new certificate due to the [wiki:openssl_vulnerability_2008-05 Debian openssl vulnerability]. Please remove our old certificate and replace it with the attached one. The old certificate has the serial number 00:DC:04:BC:5B:7E:E0:73:FA. |
| 96 | * 2009-01-12 We have generated a new certificate due to [http://www.win.tue.nl/hashclash/rogue-ca/ weaknesses in the method we used to sign our previous certificate]. The old certificate has the serial number: 00:D2:CB:A4:EB:C6:65:92:DF. |
| 97 | * 2010-11 [ticket:3606 discussion about yet another certificate authority overhaul] begins... |