Tag Archives: CAcert

I cannot create or renew my certificate, because it hangs ||| Help – Hilfe – au secours – aiuto

A typical message from an user: “Certificate renewal in state ‘pending’ for days. How to remove/renew then?”

Don’t worry, there is a solution (and the reason is independent from CAcert). Please follow the steps as described in the wiki: https://wiki.cacert.org/FAQ/CertCreationRenewalStucks

Deutsch: Wenn die Zertifikatserneuerung in der Endlosschleife endet: Es gibt eine Lösung: https://wiki.cacert.org/FAQ/CertCreationRenewalStucks/DE

Français: Si le renouvellement de certificats dure des heures, voir des jours: voici la solution: https://wiki.cacert.org/FAQ/CertCreationRenewalStucks/FR

català | castellano | ?esky | español | italiano | ??? | nederlands | polski | português | ??????? | svenska | ??????????

Merry CAcertmas!

Dear friends and members of the CAcert community. Are you curious and want to know what is wrapped in the package under the tree? This year, Father Christmas has packed something really nice.

As always with CAcert, you can unwrap it faster and enjoy it more quickly if you help out a little. Translate a little. Or do a little programming. Or test a few new functions. Or like this. To do so, you find further information on the web or write to our secretary.

CAcert Services mostly running again

In Wednesday another visit at the datacenter took place, where we installed the updated webdb1-machine to the rack.

There are still some minor issues left (e.g. language selection for main website, automatic mails), which will be activated again remotely withins the next days.

This time the available time on critical teams site was blocked by some investigation issues (e.g.: What caused the outage, why did the internal routines and raid did not work) and non CAcert-related issues (as we all have a family and job, which are time-consuming as well) and and outage of usable internet-connection on critical teams site.

Naming this: If you’re living next to or in Netherlands and want to give us a helping hand for infrastructure and (possible) critical team feel free to contact us via support.

New board allready started

On 7 December, the committee of CAcert Inc (also known as “board”) was constituted as follows:

  • President – Brian McCullough
  • Vice president – Kim Nilsson
  • Treasurer – Frédéric Grither
  • Secretary – Étienne Ruedin
  • Board members – Aleš Kastner, Frédéric Dumas

Two weeks earlier, the board had already discussed organisational issues in depth at a closed meeting. It is aware that collaboration via virtual channels does not only bring advantages. In order to meet these high demands in the future, the committee will continue to address these issues in the coming weeks. Last autumn, those responsible were introduced to the topic by a management consultant specialising in non-profit organisations, who thankfully did this pro bono.

New drive for CAcert Inc

At the Annual General Meeting 2022/2023 of our Geneva based operating association CAcert Inc on November, 11th, 2023, the members of CAcert Inc elected a new committee (also known as “board”). Some familiar faces are still involved, complemented by new blood from Bohemia. We can announce the constitution at the beginning of December.

Certificate renewing is pending (update & help)

Some of our community members (users) get a problem while they try to renew an existing certificate. The issue is: Certificate renewal is pending for days/weeks.

First of all, CAcert is not a service provider or a company, but a community. We are all in the same boat. We can only achieve our goals together, with your the cooperation of all of us (of all users=members).

One of our volunteer support engineers, a retired gentleman somewhere in Bohemia, wrote, after he watererd the flowers in the garden:
1. Many users use CAcert without any assurance. Until now, their CSRs were signed by Class 1 Root (–> serial # 1xxxxx) and their CSRs/renewals are stuck in a queue now.
2. These users know absolutely nothing about existence Class 1 & Class 3 Roots, as they don’t remember installing root(s), and when creating a new cert, they cannot see the choice Class 1/3, because with <50 assurance points (trust points) it isn’t displayed.
3. Many users do not know about the existence of Wiki, bugs, blog, CATS… websites. Our education possibly fails in this direction.

And from Alsace, a baker who is also CAcert volunteer writes after putting the children to bed: There is a lot of information and many tutorials are at the FAQ at https://wiki.cacert.org How to create a certificate can be found at: https://wiki.cacert.org/HowTo/ClientCertCreate/

Another help message was sent by a CAcert volunteer who works as a bus driver from his mobile phone during the short break at the terminus: To get assurance points, the easyest way is to meet with two (or three) experienced assurers who can then credit you with the assurance (trust) points you need (you need 50 and get 10-35 per assurer). When you are on cacert.org in your account, go to the Web Of Trust: https://www.cacert.org/wot.php?id=12 (here you can enter your town and search for assurers in the area) or: https://www.cacert.org/wot.php?id=1 (here you can click through to choose from about 6000 assurers worldwide).

Thank you very much to all our active community members who helps here and there and gives other community members a hand. Even very little help is helpfull. If e.g. each of the 6000 assurers from the assurer directory helps with something small for 10 minutes per month, that is already 1000 hours of work. That would solve (almost) all problems. Here is how you too can give your CAcert community a hand: https://wiki.cacert.org/engagement

And another volunteer from Sweden points out, that the issue will not go away till the interface is fixed, which is a work that has been started, but not finished. Furthermore, renewing old incorrectly signed certificates will never work again, as we have said we will not fix the broken code for that, as no certificates should ever have been signed that way. We can’t continue signing them incorrectly.

Screenshot of the CAcert browser client certificate web application

Lowering the barriers of entry

In the coming few months we will start running some services with Let’s Encrypt server certificates. We decided to go this route to make it easier for people to join our community or contribute to our work.

A nice side effect of this move will be that we can provide these services https encrypted and redirect all unencrypted http URLs to their https counterparts.

We will continue to use our own server certificates for our CA systems and other services that are only relevant after joining our community.

We also will continue to provide our community with client and server certificates. All our services that support or require client certificates will still use those issued by our CA.

We recently implemented a web application to make it easier to get started with client certificates. The application provides a friendly and completely client side interface to generate key pairs and signing requests in your browser.

Last chance, hurry up, catch your review!

Dear friend of #CAcert, here comes the last #bugs that needs a #review. We are so glad, that you are willing to #help you #community and review only one of them during the #spring #offensive.

https://bugs.cacert.org/view.php?id=1310
https://bugs.cacert.org/view.php?id=1129
https://bugs.cacert.org/view.php?id=1302
https://bugs.cacert.org/view.php?id=875
https://bugs.cacert.org/view.php?id=1304

We published all ready 12 bugs for review earlyer today in this channel. Maybe, you find a more conviniant one there?

Papillon, vient voir les bugs

Qu’est-ce qu’une #revue par rapport à la résolution d’un problème? Vole comme un papillon sur l’une de nos fleurs de bug et regarde le code. Voici la troisième série de quatre, si tu ne trouves rien qui te convienne pour participer à l’offensive #CAcert du printemps, nous t’en fournirons quatre autres dans quelques heures ou regarde les huit premiers, publiés il y a quelques heures.

This are new links, number 9-12:
https://bugs.cacert.org/view.php?id=1149
https://bugs.cacert.org/view.php?id=1382
https://bugs.cacert.org/view.php?id=1383
https://bugs.cacert.org/view.php?id=1355

Join the CAcert Spring Offensive

What’s a #review compared to solving a problem? Flutter like a butterfly on one of our bug flowers and check out the code. Here are the second four, if you don’t find anything suitable for you to join the #CAcert spring offensive, we’ll give you four more in a few hours.

https://bugs.cacert.org/view.php?id=1354
https://bugs.cacert.org/view.php?id=1423
https://bugs.cacert.org/view.php?id=775
https://bugs.cacert.org/view.php?id=1253
Nothing that fits you? Have a look to the first four links we published two hours ago in the german post.