česky | deutsch | english | français

How CAcert works from the user's point of view

CAcert.org is a Certificate Authority (CA) that issues certificates free of charge to the general public. The CA is managed by the community' CAcert. Anyone who needs a CAcert certificate becomes a member of this community. It is their responsibility to follow the rules in the CAcert Community Agreement (CCA) document. An individual or an organization can be a member of the CAcert Community. An individual or a representative of an organization creates an account on the CAcert's Web of Trust (WoT).

CAcert's goal is to bring awareness and education about computer security through the use of encryption, particularly by providing cryptographic certificates. These certificates can be used to digitally sign and encrypt e-mail messages, to authenticate and authorize users connecting to websites, and to secure data transmissions over the Internet. Any application that supports Secure Socket Layer (SSL) or Transport Layer Security (TLS) can use CAcert-signed certificates in the same manner as applications using X.509 certificates, e.g., for encryption, code signing, and document signing.

A new member of the CAcert community has minimal credibility (trustworthiness). He can only have client certificates issued and used for signing and encrypting email messages.

Each member of the community can increase their credibility by using the unique principle of Assurance. Experienced members of the CAcert community, called Assurers, can assure another member and assign 10 to 30 assurance points (AP). Once a member reaches 50 APs, the trustworthiness of the member is so high that he can issue certificates for his SSL/TLS server, for example for a web server.

The act of assurance usually consists of the Assurer arranging a face-to-face meeting to review at least two of the assuree's documents. Two of these must be issued by the state and bear the assuree's photograph. These are typically an identity card and a driving licence. The Assurer and assuree will take a record of the meeting and the Assurer will then assign some AP points, according to that Assurer's capabilities, to the assured community member. The Assurer then enters those AP points into the assuree's WoT account.

If an assured community member achieves 100 AP points and passes the Assurer Challenge exam on the CAcert Assurer Testing System (CATS), he or she becomes an Assurer. In addition to assuring, he can have his name on his client certificate and can sign documents or programs.