
Browser Inclusion Status

Status

Traditionally, vendors seeking to have their root certificates included in browsers (directly, or via the underlying OS infrastructure, as Safari does via OS X's Keychain) had to obtain an expensive WebTrust audit (~$75,000 up-front plus ~$10,000 per year). While this is achievable for commercial CAs, who typically charge per certificate-year, it is typically out of reach for non-profit organisations like CAcert.

CAcert's primary focus and largest challenge at present is to meet the fair but firm policy of Mozilla with a view to inclusion in their products, including the popular Firefox browser (see Mozilla bug 215243). To that end an Audit is underway (you can refer to the AuditToDo list for progress) and our Certificate Policy Statement is being refined at CPS (many thanks to Christian Barmala for his work on this topic and to everyone who has contributed to the shaping of these policies).

If you are unsatisfied with the rate of progress, you are welcome to help the various teams (see HelpingCAcert) by contributing your time for support, arbitration or software assessment.

Please keep in mind that other CAs have also been subject to Browser_Exclusions in recent times.

Software

OS

| Status | Category | Name | Version / Issue(s) / Owner / Comments |
| --- | --- | --- | --- |
| Included | OS | Replicant (Android) | Commit |
| Included | OS | ArkLinux | 2006.1 |
| Contain | OS | Debian | 213086 718434 785423; not included in ca-certificates since March 2014, but available as package ca-cacert |
| Included | OS | Privatix | Privatix is based on Debian GNU/Linux. |
| Included | OS | FreeWRT | 1 |
| Included | OS | Gentoo | 93520 |
| Included | OS | Knoppix | 6.1; screenshot [dead link] |
| Included | OS | Mandriva | 2007.1/2008.1/2009.1/2010.0/cooker; 23171 31567 34790 |
| Included | OS | GRML | http://grml.org/screeni/cacert.png [dead link] |
| Included | OS | MirOS BSD | changelog |
| Included | OS | Arch Linux | Seems to be included again since end of 2014: https://www.archlinux.org/packages/core/any/ca-certificates-cacert/ |
| Removed | OS | OpenBSD | Was included until 5.6, when it was removed with a comment citing conflict with CAcert's redistribution license: "Notably this removes CAcert who it turns out have strict requirements on redistribution (http://www.cacert.org/policy/RootDistributionLicense.php) which we don't meet." |
| Included | Server | Openfire | XMPP chat server software includes class 1 & class 3 roots |
| Disabled | OS | CentOS | 3, 4; announcement, version 5 question |
| Disabled | OS | Ubuntu | 6.10; ca-certificates; BoF discussion Import from cacert.org.crt |
| Stalled | OS | Fedora | 120280; Dependent on Mozilla inclusion per comment 2 |
| Stalled | OS | FreeBSD | ca-roots ca_root_nss; The old ca-roots port (which included the CAcert certificate) was removed with the comment "Not supported by FreeBSD Security Officer anymore". The current certificate package (ca_root_nss) is a copy of the Mozilla certificate package and FreeBSD is therefore dependent on Mozilla inclusion |
| Requested | OS | Mac OS X | 5585471; Policy requires WebTrust audit |
| Unknown | OS | Symbian OS | |
| Unknown | OS | Fedora | -; 474549; Review Request for the integration in Fedora is open |
| Contain | OS | openSUSE | openSUSE package ca-certificates-cacert contains CAcert root certificates. The user may install it; it is not automatically installed during installation procedure. ref. |
| Unknown | OS | Suse | |

Order: Status, Name

Browser, etc.

| Status | Category | Name | Version / Issue(s) / Owner / Comments |
| --- | --- | --- | --- |
| Included | Browser | XeroBank [dead link] | 2.0.0.2a; Previously Torpark |
| Included | Device | Nokia 770/N800/N810 (not N900) | product page |
| Included | Package | MirPorts Framework | net/curl; Depends on CA bundle of MirOS BSD |
| Included | Package | MirPorts Framework | 2.0.0.14-1; www/firesomething; (Firef*x) patched with MirOS BSD certificate bundle |
| Included | Server | Openfire | XMPP chat server software includes class 1 & class 3 roots |
| Stalled | Browser | Mozilla | 215243; Includes Firefox, Thunderbird, etc. Awaiting audit to meet policy, we still have some work to do |
| Requested | Browser | PaleMoon | Minutes; Moonchild Productions |
| Requested | Browser | Safari | 5829965; Apple; Based on WebKit & uses OS X Keychain. Users can provide feedback via Safari->Report Bugs to Apple... |
| | Browser | iCab | Alexander Clauss; Macintosh only |
| | Browser | Konqueror | KDE Project |
| | Browser | Opera | Opera Software |
| | Browser | Vivaldi | Vivaldi Technologies |
| | Browser | Iron | SRWare; Chrome without spying functions (Android, Linux, Macintosh, Windows) |
| | Browser | UC Browser | UC Web / Alibaba Group; Mobile phones, ... |

Order: Status, Name (more browsers: https://www.browser-statistik.de/browser/ )

Organisations

The following organisations (in alphabetical order) deploy CAcert roots to their end user workstations:

| Country | Town/State | Organisation | Comments |
| --- | --- | --- | --- |
| Austria | Vienna | htl donaustadt (Secondary Technical and Vocational College) | Class 1 & 3 root certificates deployed to servers and workstations for students, teachers & administration |
| Germany | Bad Schussenried | MSE-iT Software Development | Class 1 & 3 root certificates deployed to servers and workstations for employees and customers |
| Germany | München | Allianz Gruppe | Class 1 & 3 root certificates deployed to servers and workstations for employees and customers |
| Switzerland | Zurich | University of Applied Sciences and Arts (HGKZ) | Class 1 & 3 root certificates deployed to servers, terminal servers and workstations for students, lecturers & administration |

Order: Country, Town, Organisation

Here you will find a list of assured Organisations. For advanced electronic signatures see here.

History

The history of browser inclusion from 2002 to 2008: http://iang.org/papers/open_audit_lisa.html


InclusionStatus (last edited 2017-12-03 22:29:25 by EtienneRuedin)