CAL Certificate Authority

The Columbia Astrophysics Laboratory is going to run its own certificate authority. The SHA1 fingerprint of its root certificate is:

SHA1 Fingerprint 32:F7:12:29:A7:30:AB:0E:2A:AA:6A:C3:A4:16:AF:B6:55:44:F9:AD

You can get a copy of the current Certificate Authority Root Certificate in the repository, or if you are already on a CAL Configured Workstation, the Root Certificate is available at /usr/share/ca-certificates/cal/CAL-CA_root_cert.crt.

If you want to smoothly use secure connections to servers on the CAL network, download that file and import it into your browser or other SSL/TLS-aware application.

using the certificate in Firefox

To import the certificate in Mozilla Firefox 1.5, just navigate to the file in the repository and click the "Original Format" link at the bottom of that page. You can click the View button to double-check the fingerprint of the certificate, and you should check at least "can identify web servers" before accepting the import of the certificate. That's it!

using the certificate in Thunderbird

To import the certificate in Mozilla Thunderbird 1.5, first download the file from the repository (right-click the "plain text" link at the bottom of that page, and choose "save target as"), and save it somewhere reasonable. Now, in Thunderbird, choose Edit|Preferences and select the Privacy icon. In the tabs that show up, choose Security, and click the "View Certificates" button.

In the new "Certificate Manager" dialog that appears, choose the Authorities tab, and click the Import button. Navigate to the file you just downloaded, and select it.

In the "Downloading Certificate" dialog that appears, select the levels of trust that you want to grant it. For typical use with Thunderbird, you want to at least choose "can identify web sites", but it might be handy to select "email users" as well. If you want to check the SHA1 fingerprint by clicking View before you click OK, that would be good.

Choose OK, OK, Close, and now Thunderbird is ready to interact cleanly with CAL mailservers.

using the certificate in Evolution

The Evolution Groupware Suite keeps its own certificate authority list. To set it up with the CAL CA, download a copy of the certificate (as above), and then open Evolution (these instructions were taken from version 2.6.1).

Choose Edit|Preferences... and in the dialog box that appears, select Certificates from the left-hand pane. Choose the Authorities tab in the set of tabs that shows up on the right, and click Import. Navigate to the file you just downloaded and select it.

A dialog box will appear asking for the level of trust you wish to grant (it might try to hide behind the other dialog boxes; try moving them around if it looks like nothing is showing up). You probably want to grant at least "identify web sites" and "identify e-mail users". If you want to check the SHA1 fingerprint by clicking View Certificate before you click OK, that would be good.

Choose OK and Close, and Evolution should be ready with the CAL CA Certificate.

using the certificate in Mac OS X

To import the certificate in Mac OS X, first navigate to the file in the repository and click the "Original Format" link at the bottom of that page. This should save a copy of the root certificate on your desktop.

Double-click on this certificate and it will open Keychain Access, which will ask if you want to add this certificate to a keychain. Select "X509Anchors" in the pull-down menu and click OK. When asked, enter your administrative password to add this certificate to your keychain. From now on, you should not be asked to confirm the CAL certificates.

using the certificate in mutt

Download the certificate as described in the Thunderbird section, and append it to the file specified by your mutt configuration's certificate_file variable (by default, this is ~/.mutt_certificates).

For example, if you downloaded it and saved it as ~/CAL-CA_root_cert.pem, you can simply do:

cat ~/CAL-CA_root_cert.pem >> ~/.mutt_certificates

To ensure that you are putting it in the right place, you can query mutt about the value of its certificate_file variable with:

mutt -Q certificate_file
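
The fingerprint check recommended in the sections above, applied to the mutt import step. This is an added example, not part of the original page; the function names and the script name add-cal-ca.sh are hypothetical, and it assumes GNU coreutils (base64, sha1sum) and awk.

```shell
#!/bin/sh
# Added example: append a CA certificate to mutt's certificate_file only
# after its SHA1 fingerprint matches the published value.

# Fingerprint published on this page for the CAL CA root certificate.
CAL_CA_SHA1="32:F7:12:29:A7:30:AB:0E:2A:AA:6A:C3:A4:16:AF:B6:55:44:F9:AD"

# Print the base64 body of the first certificate block in a PEM file.
pem_body() {
    tr -d '\r' < "$1" | awk '
        /^-----BEGIN CERTIFICATE-----/ { on = 1; next }
        /^-----END CERTIFICATE-----/   { exit }
        on'
}

# base64 on stdin -> SHA1 of the decoded DER, colon-separated upper-case hex.
# `openssl x509 -noout -fingerprint -sha1 -in FILE` reports the same digest.
body_sha1() {
    base64 -d | sha1sum | cut -d' ' -f1 | tr 'a-f' 'A-F' \
        | sed 's/../&:/g; s/:$//'
}

# Print the fingerprint of the first certificate in FILE ($1).
pem_sha1_fingerprint() {
    body=$(pem_body "$1")
    [ -n "$body" ] || return 1          # no certificate block found
    printf '%s\n' "$body" | body_sha1
}

# add_ca_if_verified CERT EXPECTED STORE
# Appends only the verified certificate block; on a mismatch or a file
# without a certificate it returns non-zero and leaves STORE untouched.
add_ca_if_verified() {
    body=$(pem_body "$1")
    [ -n "$body" ] || { echo "no certificate found in $1" >&2; return 1; }
    actual=$(printf '%s\n' "$body" | body_sha1)
    expected=$(printf '%s' "$2" | tr 'a-f' 'A-F' | tr -d ' ')
    [ "$actual" = "$expected" ] || {
        echo "fingerprint mismatch: $1 has $actual" >&2; return 1; }
    printf '%s\n' '-----BEGIN CERTIFICATE-----' "$body" \
        '-----END CERTIFICATE-----' >> "$3"
}

# Run as: sh add-cal-ca.sh ~/CAL-CA_root_cert.pem ~/.mutt_certificates
if [ "$#" -eq 2 ]; then
    add_ca_if_verified "$1" "$CAL_CA_SHA1" "$2"
fi
```

Pass the path reported by mutt -Q certificate_file as the second argument.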

personal certificates

You may also want to consider setting up a Personal Certificate.

Last modified on 08/02/06 23:31:25