CAcert Server transfer and downtime.


As you may have read in previous blog entries, CAcert are moving the last servers from Austria to the Netherlands. These servers are the mission-critical systems. This is done to comply fully with the very strict security rules that are in place for inclusion into mainstream browsers. The Netherlands location is planned to host the servers in a full dual control and 4 eyes environment, at both physical and logical levels. As an audit requirement, this is essential for balancing the security of certificates. Also, some internal protocols will have to change due to hardware issues.

The systems will have a short shut down on Friday evening, 26th at 19:00 for a brief period for backups. The servers will be shut down from 07:30 Tuesday morning, 30th September. We have blocked-out the period September 30 to October 4 for the project. Hopefully, we will not be down for that entire time, but because of the size of the project it is best to plan on at least 2 days downtime. During the downtime, an alternative page and the blog will show the progress on the moving. The blog, e-mail list and wiki will be available since they are already hosted at the new location in the Netherlands. During the downtime, no Account changes can be made, nor new Certificates or Assurer actions can be done. Please be aware of that downtime period. CAcert will inform all Members via the blog as soon as the Services are again up and running. More details are found on the wiki.

An international team of experts will be working on this relocation project. As well as our CAcert systems people, we will be supported in the Netherlands by people from BIT (ISP), Tunix (firewalls) and Oophaga (CAcert hosting in NL). In Austria, we will be supported by Funkfeuer (ISP) and Sonance (Verein). Should any problem arise during the move, the team will tackle them there and then.

If the servers are moved succesfully, we will be back on track with the audit and CAcert can move on. If CAcert does not relocate the servers, or fails to do so, it will have severe consequencies for CAcert. In such a case the chance to pass the audit and ability to achieve RootKey inclusion in the mainstream browsers will fail. The Austrian servers will be shut down permanently.

At the Annual General Meeting of CAcert Inc. on 7th of November, a report will be made to the Association Members and if needed decisions for the future will be taken.


The Backup date will be on Monday, 29th (19h CET).

Leave a Reply