English
Singapore time: 03:42
non1 U.S.$ = 110.8900 ¥en
up1 U.S.$ = 1.2135 SG $
down1 ¥en = 0.1895 SG $
Registration

CAcert Root Certificate

Home / Information / CAcert Root Certificate
HowTo: Import the CAcert Root Certificate into Client Software

If you want to access a website that uses a SSL certificate signed by CAcert, you might get an SSL warning. We are sorry, but currently that's still 'normal' as mainstream browsers don't automatically include the CAcert Root Certificate yet.
This article (original on http://wiki.cacert.org/wiki) tells you how you can manually import the CAcert Root Certificate in you webbrowser so that you don't get these warnings anymore.
Expected Result: You access https://saanet.sg/ and don't get any warnings about unknown certificates anymore.

Contents:
1. Mozilla Firefox
2. Opera Webbrowser
3. Microsoft Internet Exporer
3.1. Installation using ActiveX (for a single user)
3.2. Manual Installation (for a single user)

Mozilla Firefox

Firefox uses it's own Certificate Manager. So even if your Windows (and other Microsoft) applications already use a root certificate Firefox still might not. The following procedure tells you how to import the CAcert Root Certificate into your Firefox webbrowser.
  1. Go to the CAcert Root Certificate website: http:// www.cacert.org/index.php?id=3
  2. Click on 'Root Certificate (PEM Format)
  3. You'll get::


You have been asked to trust a new Certificate Authority (CA).

Do you want to trust 'CA Cert Signing Authority' for the following purposes?

[ ] Trust this CA to identify web sites.
[ ] Trust this CA to identify email users.
[ ] Trust this CA to identify software developers.

Before trusting this CA for any purpose, you should examine its certificate
and its policy and procedures (if available).

[VIEW] Examine CA certificate


  1. You should click on VIEW to check the certificate. Most important is that you check the fingerprints of the certificate. They should match the following:


SHA1 Fingerprint: 135C:EC36:F49C:B8E9:3B1A:B270:CD80:8846:76CE:8F33

MD5 Fingerprint: A6:1B:37:5E:39:0D:9C:36:54:EE:BD:20:31:46:1F:6B


  1. Close the Certificate Viewer and tick at least the first box ('Trust this CA to identify web sites.').
  2. Press OK and that's it.
Don't forget to install the CRL too! (just enter the URL<«http://www.cacert.org/revoke.crl» and follow the directions.)

If you want to check, modify, or delete the CAcert Root Certificate you can access it at any time via:
  1. Open Edit -> Preferences -> Advanced or Open Tools -> Options -> Advanced Certificates -> Manage Certificates Authorities
  2. The CAcert certificate is called Root СА (Scroll down to 'R'!)
  3. Here you can View, Edit and Delete it.

Opera Web-browser

This applies to 8.02 Linux, not sure about 6.x or 7.x
  1. Go to the CAcert Root Certificate website: http:// www.cacert.org/index.php?id=3
  2. Click on «Root Certificate (PEM Format)»
  3. Choose «View»
  4. Check 'Allow connections to sites using this certificate'
  5. If desired, uncheck 'Warn me before using this certificate'

There seems to be an occasional problem getting the certification to pass on Opera 8.5 in Windows. Here is the workaround:
  1. Make sure cache is cleared.
  2. Attempt to get cert. via Opera ID'ing.
  3. Attempt to get while ID'ing as IE 6.0 (in Opera).
  4. Attempt to get while ID'ing as Opera again. This time, cert. should pass through.
It seems there is something about the caching where it wants both IE and Opera set at the same time before it will let the Opera cert. go through. Odd, but it works.

Microsoft Internet Exporer

You have two possiblities using Microsoft Internet Exporer. One is to automatically install it using ActiveX and one is to manually import it.

Installation using ActiveX (for a single user)
  1. Go to the CAcert Root Certificate website: http:// www.cacert.org/index.php?id=3
  2. Click on 'Click here if you want to import the root certificate into Microsoft Internet Explorer'
  3. Check that certificate match the following:


Fingerprints
SHA1: 135C:EC36:F49C:B8E9:3B1A:B270:CD80:8846:76CE:8F33

MD5: A6:1B:37:5E:39:0D:9C:36:54:EE:BD:20:31:46:1F:6B

  1. Click on yes.

Manual Installation (for a single user)
If you want to install the CAcert Root Certificate manually into Internet Explorer do the following:
  1. Go to the CAcert Root Certificate website: http:// www.cacert.org/index.php?id=3
  2. Download the 'Root Certificate' (choose either DER or PEM Format - it doesn't matter)
  3. Open the Windows Key Store: View -> Tools -> Internet Options -> Content -> Personal -> Certificates
  4. Import the Certificate you downloaded


Note: This procedure only adds the CAcert Root Certificate to the current user! If you have multiple user accounts have a look at the next section.