Category Archives: News

News Relating to CAcert

www.cacert.org outage / most services running

This night at 0:35 UTC our monitoring sent an alert that www.cacert.org is not reachable. Our volunteers had a look at the system and discovered that we have some issues on the system. Two two volunteer system engineers started checking what can be done remotely. That means that www.cacert.org is offline/unusable until further notice. If they need to travel to the data centre, this will take more time.

The good news is that only the website is affected and most services remain available without restriction, as the overview below shows:

blog.cacert.org	Blog
bugs.cacert.org	Bug tracker
community.cacert.org/clientcert	Client certificate generator
community.cacert.org	Community centre
irc.cacert.org	IRC chat
selfservice.cacert.org	Selfservice client service
mail.cacert.org	Webmail & mail server
www.cacert.org	Website
wiki.cacert.org	Wiki (help & documentation)

If you are happy with the work done by our support volunteers, please consider to donate: Donations IBAN CH02 0077 4010 3947 4420 0 (Graubündner Kantonalbank)

Finally: CAcert OpenID Connect for WordPress available

Leave a reply

WordPress has been the easiest and most popular way to create your own website or blog (like this one) for many years. In fact, WordPress is used for more than 40% of all websites on the internet.

On a slightly more technical level, WordPress is an open source content management system licensed under the GPLv2. This means that anyone can use or modify the WordPress software for free. It is a tool that allows you to easily manage your website without having to know anything about programming. WordPress makes creating a website accessible to anyone – even people who aren’t developers.

So it’s only natural that we at CAcert now go one step further: Using WordPress without passwords that have to be stored somewhere in the background and can be stolen, but simply using CAcert OpenID Connect for WordPress. An illustrated guide will help you configure WordPress as an OpenID Connect Client with CAcert. Following these steps will allow you to configure OpenID Connect Single Sign-On which will allow your users to log in to your WordPress site using their CAcert credentials.

Get the illustrated guide for CAcert OpenID Connect for WordPress absolutely free here: https://wiki.cacert.org/CAcertOpenIDConnect

If you are happy with the new functions of CAcert OpenID Connect for WordPress, done by our volunteers, please consider to donate: Donations IBAN CH02 0077 4010 3947 4420 0

P.S. If your CMS is neither WordPress, Drupal, nor Nextcloud, please get in touch with our project team. It would be happy to create together with you an other CAcert OpenID Connect access that fits your needs.

CAcert OpenID Connect for Nextcloud now available

Leave a reply

Nextcloud is free software for storing data (e.g. files, calendars, contacts, etc.) on a server. The user can access the data both via the web and with client applications. This enables a centralised and consistent database from many end devices and optional sharing with other users.

In addition to data storage, Nextcloud offers functionalities for video conferencing and various office applications via the web interface.

Using passwords is just annoying and not very secure. Now it’s much easier and even more secure: with CAcert OpenID Connect for Nextcloud, you simply log in with your certificate. Welcome to the future!

You can find out exactly how this works and how easy it is to activate in the illustrated guide for CAcert OpenID Connect for Nextcloud right here in the wiki: https://wiki.cacert.org/CAcertOpenIDConnect (no credit card, no e-mail-address, just download)

If you are happy with the new functions of CAcert OpenID Connect for Nextcloud, done by our volunteers, please consider to donate: Donations IBAN CH02 0077 4010 3947 4420 0

2537 kWh for 3993 free certificates

Leave a reply

At the end of June, the financial year 2024/2025 ended and in a couple of weeks will be the annual General Meeting at October 25th. For transparency, we publish here an overview, how we spent money. In fact, our servers need some electricity to create free certificates. This monthly bills are paid as well as the about 2000€ for the rack in the data centre by your generous dontations.

If you are happy with your free CAcert Certificate, and the work done by our volunteers to run this service, please consider to donate: Donations IBAN CH02 0077 4010 3947 4420 0

CAcert OpenID Connect for Drupal now available

Leave a reply

OpenID Connect (OIDC) was developed by the OpenID Foundation as an authentication protocol that verifies a user’s identity when they attempt to access a protected site. CAcert now offers a way to both authenticate and authorise Drupal with OIDC. This allows users of one of the best known and most widely used open source content management systems (CMS), used by some of the largest websites such as The Economist or the White House, to be used for single sign-on (SSO) and offers the benefits of a single login for multiple sites.

This Guide will help you configure your Drupal sites and other applications as an OpenID Connect Client with CAcert. Following these steps will allow you to configure OIDC SSO which will allow your users to log in to your Drupal site using their CAcert credentials.

Get the illustrated guide for CAcert OpenID Connect for Drupal here: https://wiki.cacert.org/CAcertOpenIDConnect

If you are happy with the new functions of CAcert OpenID Connect for Drupal, done by our volunteers, please consider to donate: Donations IBAN CH02 0077 4010 3947 4420 0

Support – the important volunteers behind the stage with daily customer contact

Leave a reply

Report from our support team about their work since the beginning of the year: The support team has deleted

deleted 47 accounts
restored 1 password
solved 11 problems. This involved the following: Error message due to root certificate not installed, new e-mail address stored, certificate creation without <keygen> and the certificate format.

Support also receives between twenty and thirty unwanted e-mails every day, and more at weekends. However, these are sorted out semi-automatically.

If you are happy with the work done by our support volunteers, please consider to travel with us or to donate:

Best price journeys with cash back for CAcert: https://www.booking.com/index.html?aid=346253
Donations IBAN CH02 0077 4010 3947 4420 0

DEUTSCH: Bericht unserer Heinzelmännchen vom Support über ihre Arbeit seit Anfang Jahr: Der Support hat seit Anfang Jahr

47 Konten gelöscht (auf Wunsch)
1 Passwort wiederhergestellt
11 Probleme gelöst. Dabei ging es um folgendes: Fehlermeldung wegen nicht installiertem Wurzelzertifikat, neue e-Mail-Adresse hinterlegt, Zertifikaterstellung ohne <keygen> und das Zertifikatformat.

Support bekommt ausserdem jeden Tag zwischen zwanzig und dreissig unerwünschte e-Mails, an Wochenenden jeweils mehr. Diese werden jedoch semiautomatisiert ausgesondert.

To join this great team yourself, simply write to secretary@c.o. We offer a thorough induction programme with an experienced support engineer. Work from home possible in a workload of your choice. English (reading and writing); other languages an advantage.

CAcert-OrgA-Konferenz 2025

Leave a reply

Manchem unserer Freiwilligen fällt es schwer, für sich alleine zu arbeiten – insbesondere dann, wenn es keine richtigen oder nur veraltete Richtlinien gibt, an denen man sich orientieren kann. Genau aus diesem Grund fand am 27. März 2025 eine kleine OrgA-Konferenz bei Zürich statt.

Mit dabei: Ein OrgAssurer, ein Mitglied der Gemeinschaft, ein Juniormitglied und ein Vertreter des Vorstandes. Gemeinsam haben sie festgestellt, das die Organisations-Assurance (OrgA) für CAcert eine hohe Wichtigkeit haben sollte, dass sich verschiedene Voraussetzungen in den letzten Jahren jedoch geändert haben, was die OrgA nicht vereinfacht hat und dass nicht alle Vorgehensweisen klar geregelt sind, respektive die Regeln je nach Jurisdiktion (Land) hilfreich oder hinderlich sind.

Nun wollen sie

den aktuellen Bestand aufnehmen
den aktuellen Bestand auf Aktualität und Nutzbarkeit prüfen
gegebenenfalls konkrete Vorschläge machen, wie die OrgA unter Beibehaltung der hohen Sicherheitsstandards gegebenenfalls vereinfacht werden kann.

Da sich die Leute gesehen haben, sind sie zuversichtlich, dass die Zusammenarbeit über elektronische Kanäle oder das Telefon in Zukunft auch über tausende von Kilometern gut möglich ist. Denn in einsem sind sich alle Teilnehmer der kleinen OrgA-Konferenz einig: der gemeinsame Dialog ist die Stärke, welcher Projekte vorwärts bringt.

Was ist die Organisations-Assurance?
Das Organisations-Assurance-Programm ist ein Zusatzprogramm zum Assurance-Programm für Einzelpersonen. Der Zweck des Organisations-Assurance-Programms ist es, Organisationen anstelle von Einzelpersonen zu assuren. Die OrgA erlaubt es einer Organisation, den Namen der Organisation in ihrem Zertifikat zu führen.
https://wiki.cacert.org/OrganisationAssurance/DE

CAcert mit schlankeren Strukturen in die Zukunft

Leave a reply

An seiner Jahresversammlung haben die Mitglieder von CAcert Inc, dem Trägerverein der CAcert-Gemeinschaft beschlossen die Strukturen den heutigen Begebenheiten anzupassen. Da seit dem Umzug nach Europa keine nationalen Mindestzahlen im Vorstand mehr vorgeschrieben sind, wurde der Vorstand auf fünf Mitglieder reduziert. Die Mitglieder sind überzeugt, dass diese schlankeren Strukturen den Ansprüchen der Zukunft besser gerecht werden.

CAcert schaut allgemein auf ein sehr erfolgreiches Jahr zurück. Vereinspräsident Brian McCullough hob zu Beginn der Versammlung drei Punkte speziell hervor:
– Modernisierung des Maschinenparks im Rechenzentrum mit eindrücklicher Senkung des Stromverbrauchs
– CAcert Community Centre als einfaches Selbstbedienungs-Portal, unter anderem zur Zertifikatserstellung
– Eine spannende Entwicklung war die Fertigstellung der ersten Version des CAcert OpenID Connect-Werkzeugs, mit dem sich unsere Mitglieder mit ihren Client-Zertifikaten bei verschiedenen anderen Diensten anmelden können, ohne Passwörter zu verwenden.

Aus dem Vorstand verabschiedet haben sich zwei langjährige Mitstreiter: Frédéric Grither war zweieinhalb Jahre Kassier und nach einem Unterbruch noch ein weiteres Jahr in dieser Funktion tätig. Frédéric Dumas war sechs Jahre im Vorstand und ist auch als Freiwilliger aktiv. Unter anderem hat er das zukunftsträchtige OpenID Connect-Projekt aufgegleist.

CAcert betreibt seit über 20 Jahren die freie Zertifikats-Ausgabestelle cacert.org, welche freie X.509-Client-Zertifikate ausgibt, welche über das Web of Trust abgesichert sind.
CAcert Zertifikats-Ausgabestelle: https://www.cacert.org
CAcert Selbstbedienungs-Portal: https://community.cacert.org

CAcert Inc with leaner structures into the future

Leave a reply

At its annual meeting, the members of CAcert Inc, the association that supports the CAcert community, decided to adapt its structures to current circumstances. Since CAcert moved its base to Europe, there is no longer an Australian government reqirement for a certain number of Australian Committee Members, and so the number of Committee Members has been returned to our original number, five. The members are convinced that these leaner structures will better meet the demands of the future.

CAcert can generally look back on a very successful year. President Brian McCullough emphasised three points in particular at the beginning of the meeting:
– Modernisation of machinery in the data centre with an impressive reduction in power consumption.
– CAcert Community Centre as a simple self-service portal, including for creating certificates.
– An exciting development was the completion of a first version of the CAcert OpenID Connect tool, allowing the CAcert members to use their Client Certificates to log in to various other services without using passwords.

Two long-standing members have left the committee of the association: Frédéric Grither was Treasurer for two and a half years and, after an interruption, continued in this role for another year. Frédéric Dumas was on the committee for six years and is also active as a volunteer. Among other things, he initiated the promising OpenID Connect project.

CAcert has been operating the free certificate authority cacert.org, which issues free X.509 client certificates that are secured via the Web of Trust, exclusively with volunteers for over 20 years.
CAcert Certificate Authority: https://www.cacert.org
CAcert Community Centre: https://community.cacert.org

CAcert’s OpenID Connect is now working

Leave a reply

CAcert was represented at Froscon last week end. Our volunteers presented the new OpenID Connect project and discussed with the attendees. In fact, an exciting development this year was the completion of a first version of the CAcert OpenID Connect tool, allowing our members to use their Client Certificates to log in to various other services without using passwords. Services such as Nextcloud, Mantis, and possibly Drupal and WordPress can provide our members easy access. Work will continue on this project into the next month.

CAcert staff talking to interested public and giving assurances at FrOSCon booth

Are you so enthusiastic that you want to help out yourself? Read here what opportunities are available to you! Or how you can cover the operating costs with a small donation of €10: https://paylink.conotoxia.com/t3A15JkVVW or IBAN CH02 0077 4010 3947 4420 0