Profile cover photo
Profile photo
FREE digital certificates for everyone
FREE digital certificates for everyone

CAcert's posts

Post has attachment
February brought the start of the exhibition season for CAcert with our presence at FOSDEM - one of the biggest Europe-wide developer conferences in Brussels, Belgium. Of course we performed our well-known assurances, which is very popular at such events, with which CAcert safeguards its certificates by checking users' ID documents. This allows us to offer a safe and trustworthy certificate authority to our users. Of particular note was that interested people were seeking more detailed information about security - questions such as what it actually means, and why are we not yet in the trust stores of many of the web browsers. It's true that Let's encrypt is trusted by the popular browsers, but if you take a close look at the certificate of a site protected with a Let's encrypt certificate, you will find out that it does not contain any information about the owner. This means it is impossible to verify the identity of the site and therefore it is basically uncertain to which site the browser is actually connected to. CAcert allows the site owner to publish identification information in the certificate after the assurance - for private users as well as for companies. This way, CAcert offers a clear mutual trust, which makes it worth importing the CAcert-Root-certificate from

But there's more: CAcert offers client certificates as well and signs GPG/PGP keys. Anyone who always wanted to sign his emails and encrypt them if needed, can do this easily with CAcert. Most email clients supports S/MIME certificates or PGP. By this means the authenticity of the sender is verified, and the receipient can verify the name of the certificate owner. Also attachments like PDF can be signed this way and protect the document against later changes.

CAcert is supported by an Australian non-profit association, the operation of the server is safeguarded by the German incorporated society secure-u. This structure has advantages, but the Australian society is possible only as long as CAcert has at least three Australian residents as members of the board. In 2017 we want to bring the association behind the web of trust to Europe. This limits the resources of many of the active members, because the handover must be done under appropriate rules. Anyone who wants to support CAcert can find more details on our blog post recent blog post "Prosit 2017" at or can send an e-mail to

For a secure 2017!
Your CAcert

Post has attachment
CAcert was present this week-end at FrOSCon in Sankt Augustin, near Köln/Bonn with a shared booth with secure-u, and was delighted to talk to everybody. We received a lot of feedback and we welcome everybody to meet each other at one of the CAcert events to talk to each other personally.

Post has attachment

Post has attachment
How to make use of CAcert client certificates?

Once you have created a client certificate you can use client certficates for passwordless login into a webserver. The tutorial in CAcert's wiki explains how to do using CAcert's own web server as an example.

Post has attachment
New committee formed

CAcert Inc., the non-profit association behind CAcert, has recently elected a new board (I have informed about in

Now the new committee has now formed the following roles:
 * Piers Lauders as President
 * Ian Grigg as VP
 * Gero Treuner as Treasurer
 * Dirk Astrath as Secretary

 On April, 9th, 2016, the members of CAcert Inc held an SGM, in which a new board has been elected. The membership felt disheartened by the formerly elected committee and its persistent disrespect for properly established arbitration policies and procedures. This was carried by a motion which shows the importance of being a member of the association.

The full agenda points of the SGM can be found on You may note some placeholders in other topics as later revisions which corrected these items included further agenda items which could not be moved on for the reason of notification of the members in time.

After counting proxies for the votes, the european board members of the prior board resigned. 5 new members were then accepted, including one who got expelled by the old board end of February 2016 because he stood up for an independent arbitration which he wrote in the members mailing list. The old committee was removed and a new commitee was elected. The new board members are: Ben Ball (AU), Piers Lauders (AU), Kevin Dawson (AU), Ian Grigg, Gero Treuner, Dirk Astrath, and Mathias Subik. The new committee was also instructed to create a report of the activities of the former board since the AGM. All members of the community may contribute.

On 2016-04-16 at 12:00 UTC (noon) the first meeting of the new commitee will take place in the IRC channel #board-meeting on the CAcert IRC network. Everybody is welcome to participate, please find the agenda on

Post has attachment
CAcert wishes merry christmas to everybody!

Post has attachment
CAcert disabled SSL3 and 3DES support for its main website by today. In practice, the only client known to negotiate SSL3 with is Internet Explorer 6.0 as found in Windows XP. Similarly, 3DES will only be negotiated by IE 6 and IE 8 running on Windows XP. Since Windows XP is no longer supported by its vendor, and the widely circulated advice to all its users is to switch to a more recent operating system (or switch at least to a more current browser), CAcert decided the termination of support for SSL3 and 3DES on December 1, 2014 to fulfill our mission to support the security of its users.

Post has attachment
CAcert Community Agreement (CCA) Rollout finished! From now on every member who wants to use his CAcert account needs to have his CCA acceptance recorded. If it is not yet recorded, you will be asked ONCE on creating a new account, entering an assurance for the assurer and the assuree, or creating a new certificate (client, server, GPG).

All-time-record on new users per year

For a few days CAcert has more new members registered in 2014 than for any of the years before. Currently we are at about 31625 members and counting beating the record established in 2006 with 31542 members for the whole year in just about 11 months. With a rate of about 100 new members every day we have a faster-growing user base than ever. Given this support by our members CAcert is by far not dead – instead it shows the still existing need for a open and free certificate authority operating for their users instead of profit.
Wait while more posts are being loaded