Category Archives: Information

General news/information to the CAcert community or about security in general

A revolution is announced for July 14

On the occasion of this July 14, CAcert has the honour of announcing a new development to all French and French-speaking members of the CAcert community. Our volunteers will be happy to show and explain it to you in person: just across the Rhine, near Cologne-Bonn, at FrOScon.

Critical servers upgrade project

Because a faulty connection cable between www.cacert.org and the signer made it necessary to travel to the datacenter this weekend, rather than later this year as planned, we were able to finish this part earlier than expected: we completed the last steps of moving CAcert to more modern hardware and software on the critical servers.

This project was started “somehow” in May 2020, when the signer power board broke just before the Corona lockdown took place. The old signer was replaced by the same model during that visit. Since then we have had several outages, which were mainly caused by broken hardware, sometimes noticed by our members, sometimes only visible in our internal monitoring.

Today the last of the old servers (our signer) was powered down, as it was replaced by two modern machines using a more recent Debian release but keeping the old signer code.

The complete hardware replacement project reduced the power consumption of all CAcert servers by more than 60%.

But that’s not all: we plan to move our signer environment to new software written in Go, but here we need YOUR help in testing and reviewing the code. Feel free to contact support@cacert.org to get in touch with our experts.

Screenshot of the CAcert browser client certificate web application

Lowering the barriers of entry

In the coming few months we will start running some services with Let’s Encrypt server certificates. We decided to go this route to make it easier for people to join our community or contribute to our work.

A nice side effect of this move will be that we can provide these services over encrypted https and redirect all unencrypted http URLs to their https counterparts.

We will continue to use our own server certificates for our CA systems and other services that are only relevant after joining our community.

We also will continue to provide our community with client and server certificates. All our services that support or require client certificates will still use those issued by our CA.

We recently implemented a web application to make it easier to get started with client certificates. The application provides a friendly and completely client-side interface to generate key pairs and signing requests in your browser.

Upcoming changes during Pentecost

+++ Update +++ www.cacert.org is now running on a new server, first tests were successful. Some fine-tuning still needs to be done afterwards +++ update +++

During the long weekend around Pentecost (“Pfingsten” as it is called here in Germany) we’re planning the next step in replacing some hardware at the datacenter.

The main reason for the visit to the datacenter on Monday is to plug the serial connection between our webserver and signer into the new machine.

As our main website will move to a new server, which was installed in the datacenter during the last visit, there will be an interruption of service while doing the final copy and reconfiguration of the firewall (hopefully not longer than one hour).

While we’re at the datacenter we’re adding two SSD drives to infra02. During the activation of the host system on these SSDs, the services running on infra02 (like blog, wiki etc.) will not be accessible and/or will be slower than usual.

After all services are moved (remotely/afterwards) from the HDDs to SSDs everything should be active again … and most likely faster.

At a later visit (planned in July) the old sun1-server and old infra02-HDDs will be removed from the rack.

The final step of the hardware upgrade/replacement in the critical environment will be the replacement of the old signer machine(s) by new servers and HSM modules. For this step, both the software team and the development team need some assistance in reviewing and testing, especially the code (written in Go). Feel free to contact us via support@.c.o, the mailing lists or comments on this blog entry.

Last chance, hurry up, catch your review!

Dear friend of #CAcert, here come the last #bugs that need a #review. We are so glad that you are willing to #help your #community and review just one of them during the #spring #offensive.

https://bugs.cacert.org/view.php?id=1310
https://bugs.cacert.org/view.php?id=1129
https://bugs.cacert.org/view.php?id=1302
https://bugs.cacert.org/view.php?id=875
https://bugs.cacert.org/view.php?id=1304

We already published 12 bugs for review earlier today in this channel. Maybe you will find a more convenient one there?

Butterfly, come see the bugs

What is a #review compared to solving a problem? Fly like a butterfly onto one of our bug flowers and look at the code. Here is the third set of four; if you find nothing that suits you for taking part in the #CAcert spring offensive, we will give you four more in a few hours, or look at the first eight, published a few hours ago.

These are the new links, numbers 9-12:
https://bugs.cacert.org/view.php?id=1149
https://bugs.cacert.org/view.php?id=1382
https://bugs.cacert.org/view.php?id=1383
https://bugs.cacert.org/view.php?id=1355

Join the CAcert Spring Offensive

What’s a #review compared to solving a problem? Flutter like a butterfly on one of our bug flowers and check out the code. Here are the second four; if you don’t find anything suitable for you to join the #CAcert spring offensive, we’ll give you four more in a few hours.

https://bugs.cacert.org/view.php?id=1354
https://bugs.cacert.org/view.php?id=1423
https://bugs.cacert.org/view.php?id=775
https://bugs.cacert.org/view.php?id=1253
Nothing that fits you? Have a look at the first four links we published two hours ago in the German post.

Do as the butterflies do

What is a #review compared to solving a problem? Flutter like a butterfly onto one of our bug flowers and take a look at the code. Here are the first four; if you don’t find anything that suits you for joining the #CAcert spring offensive, we will hand you four more in a few hours.

https://bugs.cacert.org/view.php?id=971
https://bugs.cacert.org/view.php?id=8
https://bugs.cacert.org/view.php?id=1360
https://bugs.cacert.org/view.php?id=1317