View Issue Details

IDProjectCategoryView StatusLast Update
0001526Main CAcert Websitewebsite contentpublic2021-08-06 10:14
Reporteralkas Assigned ToTed  
PriorityhighSeveritymajorReproducibilityalways
Status closedResolutionfixed 
PlatformMain CAcert WebsiteOSN/AOS Versionstable
Summary0001526: The Class 3 certificate expired, new one not published yet
DescriptionOn the https://www.cacert.org/index.php?id=3 page, the old expired Class 3 certificate is still published.
Users complain.
Steps To ReproduceGo to https://www.cacert.org/index.php?id=3 and you will see the fingerprints of the deprecated Class 3 Root certificates.
TagsClass 3, renew
Reviewed byegal, Ted
Test Instructionshttps://www.cacert.org/index.php?id=3

Activities

Golffies

2021-05-21 21:16

manager   ~0006005

Here is what we need to do, in order to implement the requested change, i.e. replacing on our front webpage the deprecated Class 3 Root certificate with serial number x0E by the new Class 3 Root certificate with serial number x14E228.

1. Replace the related files, hosted on our front webserver, in each of the formats these files are made available (pem, der, text) for downloading the Class 3 Root certificate.


1.1 Remove

1.1.1 Remove the file https://www.cacert.org/certs/class3_X0E.crt
1.1.2 Remove the file https://www.cacert.org/certs/class3_X0E.der
1.1.3 Remove the file https://www.cacert.org/certs/class3_X0E.txt


1.2 Add

1.2.1 Add the file CAcert_Class3Root_x14E228.crt at https://www.cacert.org/certs/
1.2.2 Add the file CAcert_Class3Root_x14E228.der at https://www.cacert.org/certs/
1.2.3 Add the file CAcert_Class3Root_x14E228.txt at https://www.cacert.org/certs/

Note: The files CAcert_Class3Root_x14E228.{crt,der,txt} are attached to the present note.
Note: .der and .txt extensions are self-explanatory; .crt extension has been chosen to be given to the pem format file.


2. Update the HTML source code of the page at <https://www.cacert.org/index.php?id=3>


2.1 Update the hyperlinks to the Class 3 Root certificate


2.1.1 Replace

certs/class3_X0E.crt

by

certs/CAcert_Class3Root_x14E228.crt


2.1.2 Replace

certs/class3_X0E.der

by

certs/CAcert_Class3Root_x14E228.der


2.1.3 Replace

certs/class3_X0E.txt

by

certs/CAcert_Class3Root_x14E228.txt

Note: the change has to be applied on the canvas of the website, in order for the here above explanatory texts, enclosed in the hyperlink, to be displayed in any foreign langage, i.e. the one chosen by the visitor.



2.2 Update the displayed SHA1 and SHA256 fingerprints


2.2.1 Replace

SHA256 fingerprint: F687 3D70 D675 96C2 ACBA 3440 1E69 738B 5270 1DD6 AB06 B497 49BC 5515 0936 D544

by

SHA256 fingerprint: 1BC5 A61A 2C0C 0132 C52B 284F 3DA0 D8DA CF71 7A0F 6C1D DF81 D80B 36EE E444 2869

2.2.2 Replace

SHA1 fingerprint: A7C4 8FBE 6B02 6DBD 0EC1 B465 B88D D813 EE1D EFA0

by

SHA1 fingerprint: D8A8 3A64 117F FD21 94FE E198 3DD2 5C7B 32A8 FFC8


2.3 Do not update

As far as I know, the link <https://crl.cacert.org/class3-revoke.crl> has to stay untouched.


3. Make the new Class 3 Root certificate with serial number x14E228 used on our backend, in order for our members to be able to make their personal certificates signed by it. This is beyond the scope of this request and has probably already been done otherwise.
CAcert_Class3Root_x14E228.crt (2,224 bytes)   
-----BEGIN CERTIFICATE-----
MIIGPTCCBCWgAwIBAgIDFOIoMA0GCSqGSIb3DQEBDQUAMHkxEDAOBgNVBAoTB1Jv
b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ
Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y
dEBjYWNlcnQub3JnMB4XDTIxMDQxOTEyMTgzMFoXDTMxMDQxNzEyMTgzMFowVDEU
MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0
Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN
AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a
iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1
aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C
jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia
pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0
FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt
XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL
oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6
R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp
rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/
LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA
BfvpAgMBAAGjgfIwge8wDwYDVR0TAQH/BAUwAwEB/zBhBggrBgEFBQcBAQRVMFMw
IwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLkNBY2VydC5vcmcvMCwGCCsGAQUFBzAC
hiBodHRwOi8vd3d3LkNBY2VydC5vcmcvY2xhc3MzLmNydDBFBgNVHSAEPjA8MDoG
CysGAQQBgZBKAgMBMCswKQYIKwYBBQUHAgEWHWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y
Zy9jcHMucGhwMDIGA1UdHwQrMCkwJ6AloCOGIWh0dHBzOi8vd3d3LmNhY2VydC5v
cmcvY2xhc3MzLmNybDANBgkqhkiG9w0BAQ0FAAOCAgEAxh6td1y0KJvRyI1EEsC9
dnYEgyEH+BGCf2vBlULAOBG1JXCNiwzB1Wz9HBoDfIv4BjGlnd5BKdSLm4TXPcE3
hnGjH1thKR5dd3278K25FRkTFOY1gP+mGbQ3hZRB6IjDX+CyBqS7+ECpHTms7eo/
mARN+Yz5R3lzUvXs3zSX+z534NzRg4i6iHNHWqakFcQNcA0PnksTB37vGD75pQGq
eSmx51L6UzrIpn+274mhsaFNL85jhX+lKuk71MGjzwoThbuZ15xmkITnZtRQs6Hh
LSIqJWjDILIrxLqYHehK71xYwrRNhFb3TrsWaEJskrhveM0Os/vvoLNkh/L3iEQ5
/LnmLMCYJNRALF7I7gsduAJNJrgKGMYvHkt1bo8uIXO8wgNV7qoU4JoaB1ML30QU
qGcFr0TI06FFdgK2fwy5hulPxm6wuxW0v+iAtXYx/mRkwQpYbcVQtrIDvx1CT1k5
0cQxi+jIKjkcFWHw3kBoDnCos0/ukegPT7aQnk2AbL4c7nCkuAcEKw1BAlSETkfq
i5btdlhh58MhewZv1LcL5zQyg8w1puclT3wXQvy8VwPGn0J/mGD4gLLZ9rGcHDUE
CokxFoWk+u5MCcVqmGbsyG4q5suS3CNslsHURfM8bQK4oLvHR8LCHEBMRcdFBn87
cSvOK6eB1kdGKLA8ymXxZp8=
-----END CERTIFICATE-----
CAcert_Class3Root_x14E228.crt (2,224 bytes)   
CAcert_Class3Root_x14E228.txt (7,540 bytes)   
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1368616 (0x14e228)
    Signature Algorithm: sha512WithRSAEncryption
        Issuer: O=Root CA, OU=http://www.cacert.org, CN=CA Cert Signing Authority/emailAddress=support@cacert.org
        Validity
            Not Before: Apr 19 12:18:30 2021 GMT
            Not After : Apr 17 12:18:30 2031 GMT
        Subject: O=CAcert Inc., OU=http://www.CAcert.org, CN=CAcert Class 3 Root
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Modulus:
                    00:ab:49:35:11:48:7c:d2:26:7e:53:94:cf:43:a9:
                    dd:28:d7:42:2a:8b:f3:87:78:19:58:7c:0f:9e:da:
                    89:7d:e1:fb:eb:72:90:0d:74:a1:96:64:ab:9f:a0:
                    24:99:73:da:e2:55:76:c7:17:7b:f5:04:ac:46:b8:
                    c3:be:7f:64:8d:10:6c:24:f3:61:9c:c0:f2:90:fa:
                    51:e6:f5:69:01:63:c3:0f:56:e2:4a:42:cf:e2:44:
                    8c:25:28:a8:c5:79:09:7d:46:b9:8a:f3:e9:f3:34:
                    29:08:45:e4:1c:9f:cb:94:04:1c:81:a8:14:b3:98:
                    65:c4:43:ec:4e:82:8d:09:d1:bd:aa:5b:8d:92:d0:
                    ec:de:90:c5:7f:0a:c2:e3:eb:e6:31:5a:5e:74:3e:
                    97:33:59:e8:c3:03:3d:60:33:bf:f7:d1:6f:47:c4:
                    cd:ee:62:83:52:6e:2e:08:9a:a4:d9:15:18:91:a6:
                    85:92:47:b0:ae:48:eb:6d:b7:21:ec:85:1a:68:72:
                    35:ab:ff:f0:10:5d:c0:f4:94:a7:6a:d5:3b:92:7e:
                    4c:90:05:7e:93:c1:2c:8b:a4:8e:62:74:15:71:6e:
                    0b:71:03:ea:af:15:38:9a:d4:d2:05:72:6f:8c:f9:
                    2b:eb:5a:72:25:f9:39:46:e3:72:1b:3e:04:c3:64:
                    27:22:10:2a:8a:4f:58:a7:03:ad:be:b4:2e:13:ed:
                    5d:aa:48:d7:d5:7d:d4:2a:7b:5c:fa:46:04:50:e4:
                    cc:0e:42:5b:8c:ed:db:f2:cf:fc:96:93:e0:db:11:
                    36:54:62:34:38:8f:0c:60:9b:3b:97:56:38:ad:f3:
                    d2:5b:8b:a0:5b:ea:4e:96:b8:7c:d7:d5:a0:86:70:
                    40:d3:91:29:b7:a2:3c:ad:f5:8c:bb:cf:1a:92:8a:
                    e4:34:7b:c0:d8:6c:5f:e9:0a:c2:c3:a7:20:9a:5a:
                    df:2c:5d:52:5c:ba:47:d5:9b:ef:24:28:70:38:20:
                    2f:d5:7f:29:c0:b2:41:03:68:92:cc:e0:9c:cc:97:
                    4b:45:ef:3a:10:0a:ab:70:3a:98:95:70:ad:35:b1:
                    ea:85:2b:a4:1c:80:21:31:a9:ae:60:7a:80:26:48:
                    00:b8:01:c0:93:63:55:22:91:3c:56:e7:af:db:3a:
                    25:f3:8f:31:54:ea:26:8b:81:59:f9:a1:d1:53:11:
                    c5:7b:9d:03:f6:74:11:e0:6d:b1:2c:3f:2c:86:91:
                    99:71:9a:a6:77:8b:34:60:d1:14:b4:2c:ac:9d:af:
                    8c:10:d3:9f:c4:6a:f8:6f:13:fc:73:59:f7:66:42:
                    74:1e:8a:e3:f8:dc:d2:6f:98:9c:cb:47:98:95:40:
                    05:fb:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            Authority Information Access: 
                OCSP - URI:http://ocsp.CAcert.org/
                CA Issuers - URI:http://www.CAcert.org/class3.crt

            X509v3 Certificate Policies: 
                Policy: 1.3.6.1.4.1.18506.2.3.1
                  CPS: http://www.CAcert.org/cps.php

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:https://www.cacert.org/class3.crl

    Signature Algorithm: sha512WithRSAEncryption
         c6:1e:ad:77:5c:b4:28:9b:d1:c8:8d:44:12:c0:bd:76:76:04:
         83:21:07:f8:11:82:7f:6b:c1:95:42:c0:38:11:b5:25:70:8d:
         8b:0c:c1:d5:6c:fd:1c:1a:03:7c:8b:f8:06:31:a5:9d:de:41:
         29:d4:8b:9b:84:d7:3d:c1:37:86:71:a3:1f:5b:61:29:1e:5d:
         77:7d:bb:f0:ad:b9:15:19:13:14:e6:35:80:ff:a6:19:b4:37:
         85:94:41:e8:88:c3:5f:e0:b2:06:a4:bb:f8:40:a9:1d:39:ac:
         ed:ea:3f:98:04:4d:f9:8c:f9:47:79:73:52:f5:ec:df:34:97:
         fb:3e:77:e0:dc:d1:83:88:ba:88:73:47:5a:a6:a4:15:c4:0d:
         70:0d:0f:9e:4b:13:07:7e:ef:18:3e:f9:a5:01:aa:79:29:b1:
         e7:52:fa:53:3a:c8:a6:7f:b6:ef:89:a1:b1:a1:4d:2f:ce:63:
         85:7f:a5:2a:e9:3b:d4:c1:a3:cf:0a:13:85:bb:99:d7:9c:66:
         90:84:e7:66:d4:50:b3:a1:e1:2d:22:2a:25:68:c3:20:b2:2b:
         c4:ba:98:1d:e8:4a:ef:5c:58:c2:b4:4d:84:56:f7:4e:bb:16:
         68:42:6c:92:b8:6f:78:cd:0e:b3:fb:ef:a0:b3:64:87:f2:f7:
         88:44:39:fc:b9:e6:2c:c0:98:24:d4:40:2c:5e:c8:ee:0b:1d:
         b8:02:4d:26:b8:0a:18:c6:2f:1e:4b:75:6e:8f:2e:21:73:bc:
         c2:03:55:ee:aa:14:e0:9a:1a:07:53:0b:df:44:14:a8:67:05:
         af:44:c8:d3:a1:45:76:02:b6:7f:0c:b9:86:e9:4f:c6:6e:b0:
         bb:15:b4:bf:e8:80:b5:76:31:fe:64:64:c1:0a:58:6d:c5:50:
         b6:b2:03:bf:1d:42:4f:59:39:d1:c4:31:8b:e8:c8:2a:39:1c:
         15:61:f0:de:40:68:0e:70:a8:b3:4f:ee:91:e8:0f:4f:b6:90:
         9e:4d:80:6c:be:1c:ee:70:a4:b8:07:04:2b:0d:41:02:54:84:
         4e:47:ea:8b:96:ed:76:58:61:e7:c3:21:7b:06:6f:d4:b7:0b:
         e7:34:32:83:cc:35:a6:e7:25:4f:7c:17:42:fc:bc:57:03:c6:
         9f:42:7f:98:60:f8:80:b2:d9:f6:b1:9c:1c:35:04:0a:89:31:
         16:85:a4:fa:ee:4c:09:c5:6a:98:66:ec:c8:6e:2a:e6:cb:92:
         dc:23:6c:96:c1:d4:45:f3:3c:6d:02:b8:a0:bb:c7:47:c2:c2:
         1c:40:4c:45:c7:45:06:7f:3b:71:2b:ce:2b:a7:81:d6:47:46:
         28:b0:3c:ca:65:f1:66:9f
-----BEGIN CERTIFICATE-----
MIIGPTCCBCWgAwIBAgIDFOIoMA0GCSqGSIb3DQEBDQUAMHkxEDAOBgNVBAoTB1Jv
b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ
Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y
dEBjYWNlcnQub3JnMB4XDTIxMDQxOTEyMTgzMFoXDTMxMDQxNzEyMTgzMFowVDEU
MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0
Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN
AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a
iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1
aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C
jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia
pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0
FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt
XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL
oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6
R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp
rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/
LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA
BfvpAgMBAAGjgfIwge8wDwYDVR0TAQH/BAUwAwEB/zBhBggrBgEFBQcBAQRVMFMw
IwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLkNBY2VydC5vcmcvMCwGCCsGAQUFBzAC
hiBodHRwOi8vd3d3LkNBY2VydC5vcmcvY2xhc3MzLmNydDBFBgNVHSAEPjA8MDoG
CysGAQQBgZBKAgMBMCswKQYIKwYBBQUHAgEWHWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y
Zy9jcHMucGhwMDIGA1UdHwQrMCkwJ6AloCOGIWh0dHBzOi8vd3d3LmNhY2VydC5v
cmcvY2xhc3MzLmNybDANBgkqhkiG9w0BAQ0FAAOCAgEAxh6td1y0KJvRyI1EEsC9
dnYEgyEH+BGCf2vBlULAOBG1JXCNiwzB1Wz9HBoDfIv4BjGlnd5BKdSLm4TXPcE3
hnGjH1thKR5dd3278K25FRkTFOY1gP+mGbQ3hZRB6IjDX+CyBqS7+ECpHTms7eo/
mARN+Yz5R3lzUvXs3zSX+z534NzRg4i6iHNHWqakFcQNcA0PnksTB37vGD75pQGq
eSmx51L6UzrIpn+274mhsaFNL85jhX+lKuk71MGjzwoThbuZ15xmkITnZtRQs6Hh
LSIqJWjDILIrxLqYHehK71xYwrRNhFb3TrsWaEJskrhveM0Os/vvoLNkh/L3iEQ5
/LnmLMCYJNRALF7I7gsduAJNJrgKGMYvHkt1bo8uIXO8wgNV7qoU4JoaB1ML30QU
qGcFr0TI06FFdgK2fwy5hulPxm6wuxW0v+iAtXYx/mRkwQpYbcVQtrIDvx1CT1k5
0cQxi+jIKjkcFWHw3kBoDnCos0/ukegPT7aQnk2AbL4c7nCkuAcEKw1BAlSETkfq
i5btdlhh58MhewZv1LcL5zQyg8w1puclT3wXQvy8VwPGn0J/mGD4gLLZ9rGcHDUE
CokxFoWk+u5MCcVqmGbsyG4q5suS3CNslsHURfM8bQK4oLvHR8LCHEBMRcdFBn87
cSvOK6eB1kdGKLA8ymXxZp8=
-----END CERTIFICATE-----
CAcert_Class3Root_x14E228.txt (7,540 bytes)   

egal

2021-05-21 21:25

administrator   ~0006006

Please download the source-code using https://secure.cacert.org/src-lic.php

Extract the file /cacert/pages/index/3.php and do the changes in HTML-code there and attach this updated file (or diff) to you (next) note regarding this bug so we can do the review ... ;-)

(If I do the changes, it will get complicated to get the necessary two reviews ... ;-( )

Golffies

2021-05-21 21:49

manager   ~0006007

And who is going to push the new certificate files into https://www.cacert.org/certs/ ?
Bienvenue à CAcert.org.html (8,404 bytes)   
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Bienvenue &agrave; CAcert.org</title>
<link rel="stylesheet" href="/styles/default.css" type="text/css">
<link href="http://blog.CAcert.org/feed/" rel="alternate" type="application/rss+xml" title="rss">
<script language="JavaScript" type="text/javascript">
function explode(e) {
    if (document.getElementById(e).style.display == 'none') {
        document.getElementById(e).style.display = 'block';
    } else {
        document.getElementById(e).style.display = 'none';
    }
}

function hideall() {
        var Nodes = document.getElementsByTagName('ul')
        var max = Nodes.length
        for(var i = 0;i < max;i++) {
                var nodeObj = Nodes.item(i)
		if (nodeObj.className == "menu" && nodeObj.id != "recom") {
	                nodeObj.style.display = 'none';
		}
        }
}
</script>
</head>
<body onload="hideall();">
 <div id="pagecell1">
  <div id="pageName"><br>
    <div id="pageLogo"><a href="http://www.cacert.org"><img src="/images/cacert4.png" border="0" alt="CAcert.org logo"></a></div>
<div id="googlead"><h2>Certificats num&eacute;riques gratuits !</h2></div>
  </div>
  <div id="pageNav">
    <div class="relatedLinks">
      <h3>S'inscrire &agrave; CAcert.org</h3>
            <a href="https://www.cacert.org/index.php?id=1">S'inscrire</a>
            <a href="/policy/CAcertCommunityAgreement.html">Accord communautaire</a>
      <a href="/index.php?id=3">Certificats racine</a>
    </div>
        <div class="relatedLinks">
      <h3 class="pointer">Mon compte</h3>
      <a href="https://www.cacert.org/index.php?id=4">Identification par mot de passe</a>
      <a href="https://www.cacert.org/index.php?id=5">Mot de passe perdu</a>
      <a href="https://www.cacert.org/index.php?id=4&amp;noauto=1">Connexion depuis un Cyber Caf&eacute;</a>
      <a href="https://secure.cacert.org/index.php?id=4">Connexion par certificat</a>
    </div>
            <div class="relatedLinks">
      <h3 class="pointer" onclick="explode('misc')">+ &Agrave; propos de CAcert.org</h3>
      <ul class="menu" id="misc">
        <li><a href="http://blog.cacert.org/">Derni&egrave;res informations sur CAcert</a></li>
	<li><a href="http://wiki.CAcert.org/">Documentation Wiki</a></li>
	<li><a href="/policy/">Proc&eacute;dures applicables</a></li>
	<li><a href="//wiki.cacert.org/FAQ/Privileges">Syst&egrave;me de points</a></li>
	<li><a href="http://bugs.CAcert.org/">Base de donn&eacute;es des bugs</a></li>
	<li><a href="/stats.php">Les statistiques de CAcert</a></li> 	<li><a href="http://blog.CAcert.org/feed/">Flux RSS</a></li>
	<li><a href="//wiki.cacert.org/Board">Conseil d'administration de CAcert</a></li>
	<li><a href="https://lists.cacert.org/wws">Listes de diffusion</a></li>
	<li><a href="/src-lic.php">Code source</a></li>
      </ul>
    </div>

    <div class="relatedLinks">
      <h3 class="pointer" onclick="explode('trans')">+ Traductions</h3>
      <ul class="menu" id="trans"><li><a href="/index.php?id=3&amp;lang=ar">&#1575;&#1604;&#1593;&#1585;&#1576;&#1610;&#1577;</a></li><li><a href="/index.php?id=3&amp;lang=bg">&#1041;&#1098;&#1083;&#1075;&#1072;&#1088;&#1089;&#1082;&#1080;</a></li><li><a href="/index.php?id=3&amp;lang=cs">&#268;e&scaron;tina</a></li><li><a href="/index.php?id=3&amp;lang=da">Dansk</a></li><li><a href="/index.php?id=3&amp;lang=de">Deutsch</a></li><li><a href="/index.php?id=3&amp;lang=el">&Epsilon;&lambda;&lambda;&eta;&nu;&iota;&kappa;&#940;</a></li><li><a href="/index.php?id=3&amp;lang=en">English</a></li><li><a href="/index.php?id=3&amp;lang=es">Espa&#xf1;ol</a></li><li><a href="/index.php?id=3&amp;lang=fi">Suomi</a></li><li><a href="/index.php?id=3&amp;lang=fr">Fran&#xe7;ais</a></li><li><a href="/index.php?id=3&amp;lang=hu">Magyar</a></li><li><a href="/index.php?id=3&amp;lang=it">Italiano</a></li><li><a href="/index.php?id=3&amp;lang=ja">&#26085;&#26412;&#35486;</a></li><li><a href="/index.php?id=3&amp;lang=lv">Latvie&scaron;u</a></li><li><a href="/index.php?id=3&amp;lang=nl">Nederlands</a></li><li><a href="/index.php?id=3&amp;lang=pl">Polski</a></li><li><a href="/index.php?id=3&amp;lang=pt">Portugu&#xea;s</a></li><li><a href="/index.php?id=3&amp;lang=pt-br">Portugu&#xea;s Brasileiro</a></li><li><a href="/index.php?id=3&amp;lang=ru">&#x420;&#x443;&#x441;&#x441;&#x43a;&#x438;&#x439;</a></li><li><a href="/index.php?id=3&amp;lang=sv">Svenska</a></li><li><a href="/index.php?id=3&amp;lang=tr">T&#xfc;rk&#xe7;e</a></li><li><a href="/index.php?id=3&amp;lang=zh-cn">&#x4e2d;&#x6587;(&#x7b80;&#x4f53;)</a></li><li><a href="/index.php?id=3&amp;lang=zh-tw">&#x4e2d;&#x6587;(&#33274;&#28771;)</a></li></ul>
    </div>
        <div class="relatedLinks">
      <h3 class="pointer" onclick="explode('recom')">Publicit&eacute;</h3>
      <ul class="menu" id="recom"></ul>
    </div>
      </div>
  <div id="content">
    <div class="story">

<p>Vous &ecirc;tes li&eacute; par la <a href='/policy/RootDistributionLicense.html'> Licence de distribution des certificats Racine (Root Distribution Licence) </a> pour pouvoir redistribuer les certificats racines de CAcert.</p>

<h3>Cl&eacute; PKI de classe 1</h3>
<ul class="no_indent">
	<li><a href="certs/root_X0F.crt">Certificat racine (format PEM)</a></li>
	<li><a href="certs/root_X0F.der">Certificat racine (format DER)</a></li>
	<li><a href="certs/root_X0F.txt">Certificat racine (Format Texte)</a></li>
	<li><a href="https://crl.cacert.org/revoke.crl">CRL</a></li>
	<li>SHA256 fingerprint: 07ED BD82 4A49 88CF EF42 15DA 20D4 8C2B 41D7 1529 D7C9 00F5 7092 6F27 7CC2 30C5</li>
    <li>SHA1 fingerprint: DDFC DA54 1E75 77AD DCA8 7E88 27A9 8A50 6032 52A5</li>
</ul>

<h3>Cl&eacute; PKI de classe 3</h3>
<ul class="no_indent">
	<li><a href="certs/CAcert_Class3Root_x14E228.crt">Certificat Interm&eacute;diaire (Format PEM)</a></li>
	<li><a href="certs/CAcert_Class3Root_x14E228.der">Certificat Interm&eacute;diaire (Format DER)</a></li>
	<li><a href="certs/CAcert_Class3Root_x14E228.txt">Certificat Interm&eacute;diaire (Format Texte)</a></li>
	<li><a href="https://crl.cacert.org/class3-revoke.crl">CRL</a></li>
    <li>SHA256 fingerprint: 1BC5 A61A 2C0C 0132 C52B 284F 3DA0 D8DA CF71 7A0F 6C1D DF81 D80B 36EE E444 2869</li>
    <li>SHA1 fingerprint: D8A8 3A64 117F FD21 94FE E198 3DD2 5C7B 32A8 FFC8</li>
</ul>

<h3>Cl&eacute; GPG</h3>
<ul class="no_indent">
	<li><a href="certs/cacert.asc">Cl&eacute; GPG de CAcert</a></li>
	<li>ID de cl&eacute; GPG : 0x65D0FD58</li>
	<li>Empreinte : A31D 4F81 EF4E BD07 B456 FA04 D2BB 0D01 65D0 FD58</li>
</ul>



<pre>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

pub  1024D/65D0FD58 2003-07-11 CA Cert Signing Authority (Root CA)
     Key fingerprint = A31D 4F81 EF4E BD07 B456  FA04 D2BB 0D01 65D0 FD58
sub  2048g/113ED0F2 2003-07-11 [expires: 2033-07-03]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFCEDLN0rsNAWXQ/VgRArhhAJ9EY1TJOzsVVuy2lL98CoKL0vnJjQCfbdBk
TG1yj+lkktROGGyn0hJ5SbM=
=tXoj
-----END PGP SIGNATURE-----
</pre>

<h3>Historique</h3>
<p>
Un aper&ccedil;u de tous les certificats CA &eacute;mis peut &ecirc;tre trouv&eacute; dans <a href="//wiki.cacert.org/Roots/StateOverview">le wiki</a>.</p>
      </div>
    </div>
    <div class="sponsorinfo">
    Les op&eacute;rations CAcert sont parrain&eacute;es par    <a href="http://www.bit.nl/" target="_blank"><img class="sponsorlogo" src="/images/bit.png" alt="[BIT logo]" border="0"></a>
    <a href="http://www.tunix.nl/" target="_blank"><img class="sponsorlogo" src="/images/tunix.png" alt="[TUNIX logo]" border="0"></a>
    <a href="http://www.nlnet.nl/" target="_blank"><img class="sponsorlogo" src="/images/nlnet.png" alt="[NLnet logo]" border="0"></a>
    <a href="http://www.openarchitecturenetwork.org/" target="_blank"><img class="sponsorlogo" src="/images/oan.png" alt="[OAN logo]" border="0"></a>
  </div>

  <div id="siteInfo">
	<a href="//wiki.cacert.org/FAQ/AboutUs">&Agrave; notre sujet</a> | <a href="/index.php?id=13">Dons</a> | <a href="http://wiki.cacert.org/wiki/CAcertIncorporated">Adh&eacute;sion &agrave; l'association</a> |
        <a href="/policy/PrivacyPolicy.html">R&egrave;gles de confidentialit&eacute;</a> |
        <a href="/index.php?id=51">Expos&eacute; des missions de CAcert.org</a> | <a href="/index.php?id=11">Contactez-nous</a> |
	&copy;2002-2021 par CAcert</div>
</div>
</body>
</html>
Bienvenue à CAcert.org.html (8,404 bytes)   

alkas

2021-05-22 07:41

manager   ~0006008

3.php corrected according to 0001526~0006005 and 0001526~0006006
3.php (3,910 bytes)   
<? /*
    LibreSSL - CAcert web application
    Copyright (C) 2004-2008  CAcert Inc.

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; version 2 of the License.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
*/ ?>

<p><?=sprintf(_("You are bound by the %s Root Distribution Licence %s for any re-distributions of CAcert's roots."),"<a href='/policy/RootDistributionLicense.html'>","</a>")?></p>

<h3><?=_("Class 1 PKI Key")?></h3>
<ul class="no_indent">
	<li><a href="certs/root_X0F.crt"><?=_("Root Certificate (PEM Format)")?></a></li>
	<li><a href="certs/root_X0F.der"><?=_("Root Certificate (DER Format)")?></a></li>
	<li><a href="certs/root_X0F.txt"><?=_("Root Certificate (Text Format)")?></a></li>
	<li><a href="<?=$_SERVER['HTTPS']?"https":"http"?>://crl.cacert.org/revoke.crl">CRL</a></li>
	<li><?=_("SHA256 fingerprint:")?> 07ED BD82 4A49 88CF EF42 15DA 20D4 8C2B 41D7 1529 D7C9 00F5 7092 6F27 7CC2 30C5</li>
    <li><?=_("SHA1 fingerprint:")?> DDFC DA54 1E75 77AD DCA8 7E88 27A9 8A50 6032 52A5</li>
</ul>

<h3><?=_("Class 3 PKI Key")?></h3>
<ul class="no_indent">
	<li><a href="certs/CAcert_Class3Root_x14E228.crt"><?=_("Intermediate Certificate (PEM Format)")?></a></li>
	<li><a href="certs/CAcert_Class3Root_x14E228.der"><?=_("Intermediate Certificate (DER Format)")?></a></li>
	<li><a href="certs/CAcert_Class3Root_x14E228.txt"><?=_("Intermediate Certificate (Text Format)")?></a></li>
	<li><a href="<?=$_SERVER['HTTPS']?"https":"http"?>://crl.cacert.org/class3-revoke.crl">CRL</a></li>
    <li><?=_("SHA256 fingerprint:")?> 1BC5 A61A 2C0C 0132 C52B 284F 3DA0 D8DA CF71 7A0F 6C1D DF81 D80B 36EE E444 2869</li>
    <li><?=_("SHA1 fingerprint:")?> D8A8 3A64 117F FD21 94FE E198 3DD2 5C7B 32A8 FFC8</li>
</ul>

<h3><?=_("GPG Key")?></h3>
<ul class="no_indent">
	<li><a href="certs/cacert.asc"><?=_("CAcert's GPG Key")?></a></li>
	<li><?=_("GPG Key ID:")?> 0x65D0FD58</li>
	<li><?=_("Fingerprint:")?> A31D 4F81 EF4E BD07 B456 FA04 D2BB 0D01 65D0 FD58</li>
</ul>


<?php if ( false ) { ?>
    /**
    Since we don't seem to have a way to GPG sign our current key, we have, at least temporarily, removed this.

    https://bugs.cacert.org/view.php?id=1305#c5784

    **/
<h4><?=_("PKI fingerprint signed by the CAcert GPG Key")?></h4>
    <pre>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

For most software, the fingerprint is reported as:
A6:1B:37:5E:39:0D:9C:36:54:EE:BD:20:31:46:1F:6B

Under MSIE the thumbprint is reported as:
135C EC36 F49C B8E9 3B1A B270 CD80 8846 76CE 8F33
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/VtRZ0rsNAWXQ/VgRAphfAJ9jh6TKBDexG0NTTUHvdNuf6O9RuQCdE5kD
Mch2LMZhK4h/SBIft5ROzVU=
=R/pJ
-----END PGP SIGNATURE-----
</pre>
<?php } ?>

<pre>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

pub  1024D/65D0FD58 2003-07-11 CA Cert Signing Authority (Root CA)
     Key fingerprint = A31D 4F81 EF4E BD07 B456  FA04 D2BB 0D01 65D0 FD58
sub  2048g/113ED0F2 2003-07-11 [expires: 2033-07-03]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFCEDLN0rsNAWXQ/VgRArhhAJ9EY1TJOzsVVuy2lL98CoKL0vnJjQCfbdBk
TG1yj+lkktROGGyn0hJ5SbM=
=tXoj
-----END PGP SIGNATURE-----
</pre>

<h3><?=_("History")?></h3>
<p>
<? printf(_('An overview over all CA certificates ever issued can be found in '.
        '%sthe wiki%s.'),
    '<a href="//wiki.cacert.org/Roots/StateOverview">',
    '</a>') ?>
</p>
3.php (3,910 bytes)   

egal

2021-05-22 11:30

administrator   ~0006009

Last edited: 2021-05-22 11:31

As the diff only shows filename- and fingerprint-changes (and the fingerprints are the correct ones) the review is passed.

But ... as we already published the Class-3-certificate using the name class3_2021.crt I suggest to follow this naming-convention for PEM, DER and TXT-Format, so the diff should be:

$diff
33,35c33,35
<
  • <a href="certs/class3_2021.crt"><?=_("Intermediate Certificate (PEM Format)")?></a>

  • <
  • <a href="certs/class3_2021.der"><?=_("Intermediate Certificate (DER Format)")?></a>

  • <
  • <a href="certs/class3_2021.txt"><?=_("Intermediate Certificate (Text Format)")?></a>

  • ---
    >
  • <a href="certs/class3_X0E.crt"><?=_("Intermediate Certificate (PEM Format)")?></a>

  • >
  • <a href="certs/class3_X0E.der"><?=_("Intermediate Certificate (DER Format)")?></a>

  • >
  • <a href="certs/class3_X0E.txt"><?=_("Intermediate Certificate (Text Format)")?></a>

  • 37,38c37,38
    <
  • <?=_("SHA256 fingerprint:")?> 1BC5 A61A 2C0C 0132 C52B 284F 3DA0 D8DA CF71 7A0F 6C1D DF81 D80B 36EE E444 2869

  • <
  • <?=_("SHA1 fingerprint:")?> D8A8 3A64 117F FD21 94FE E198 3DD2 5C7B 32A8 FFC8

  • ---
    >
  • <?=_("SHA256 fingerprint:")?> F687 3D70 D675 96C2 ACBA 3440 1E69 738B 5270 1DD6 AB06 B497 49BC 5515 0936 D544

  • >
  • <?=_("SHA1 fingerprint:")?> A7C4 8FBE 6B02 6DBD 0EC1 B465 B88D D813 EE1D EFA0

  • Golffies

    2021-06-09 22:44

    manager   ~0006013

    The reasons for choosing the name CAcert_Class3Root_x14E228.* are as follows:


        CAcert Class3Root x14E228
       |______| |__________| |_______|

          | | |
          | | |
          | | ---> the serial number identifies the
          | | certificate without ambiguity
          | |
          | ---> the full name of the certificate is the one found
          | in the documentation = no ambiguity
          |
           ---> once downloaded, the CA should remain easy to identify
                alphabetically among other files

    Ted

    2021-06-12 20:59

    administrator   ~0006014

    As discussed in email communication, the naming scheme should be as proposed by @alkas.

    Note that there is no technical reasoning, the idea is simply that the "long" naming scheme better identifies the file's content, for system management as well as for users who'll download the file.

    If possible the files should also be accessible via the link https://www.cacert.org/certs/class3.*, the idea is that there is a fixed link which always points to the currently used class 3 certificate.

    The review is a PASS (for both variants).

    Golffies

    2021-08-06 09:52

    manager   ~0006049

    The page https://www.cacert.org/index.php?id=3 has been updated by Dirk with the new Class 3 Root certificate and its own SHA1 and SHA256 fingerprints.

    Issue History

    Date Modified Username Field Change
    2021-05-21 08:13 alkas New Issue
    2021-05-21 08:13 alkas Tag Attached: Class 3
    2021-05-21 08:13 alkas Tag Attached: renew
    2021-05-21 21:16 Golffies Note Added: 0006005
    2021-05-21 21:16 Golffies File Added: CAcert_Class3Root_x14E228.crt
    2021-05-21 21:16 Golffies File Added: CAcert_Class3Root_x14E228.der
    2021-05-21 21:16 Golffies File Added: CAcert_Class3Root_x14E228.txt
    2021-05-21 21:25 egal Note Added: 0006006
    2021-05-21 21:49 Golffies Note Added: 0006007
    2021-05-21 21:49 Golffies File Added: Bienvenue à CAcert.org.html
    2021-05-22 07:41 alkas Note Added: 0006008
    2021-05-22 07:41 alkas File Added: 3.php
    2021-05-22 11:30 egal Reviewed by => egal
    2021-05-22 11:30 egal Note Added: 0006009
    2021-05-22 11:31 egal Note Edited: 0006009
    2021-05-22 11:51 egal Assigned To => Ted
    2021-05-22 11:51 egal Status new => needs review & testing
    2021-05-22 11:52 egal Status needs review & testing => needs review
    2021-06-09 22:44 Golffies Note Added: 0006013
    2021-06-12 20:59 Ted Note Added: 0006014
    2021-06-12 21:00 Ted Status needs review => ready to deploy
    2021-06-12 21:00 Ted Reviewed by egal => egal, Ted
    2021-08-06 09:52 Golffies Note Added: 0006049
    2021-08-06 10:14 Golffies Status ready to deploy => closed
    2021-08-06 10:14 Golffies Resolution open => fixed
    2021-08-06 10:14 Golffies Steps to Reproduce Updated