Status
Traditionally vendors seeking to have their root certificates included in browsers (directly or via the underlying OS infrastructure like Safari via OS X's Keychain) would have to seek an expensive Webtrust audit (~$75,000 up-front plus ~$10,000 per year). While achievable for commercial CAs who typically charge per certificate year, this is typically out of the reach of non-profit organisations like CAcert.
CAcert's primary focus and largest challenge at present is to meet the fair but firm policy of Mozilla with a view to inclusion in their products, including the popular Firefox browser (see Mozilla bug 215243). To that end an Audit is underway (you can refer to the AuditToDo list for progress and our Certificate Policy Statement is being refined at CPS (many thanks to Christian Barmala's work on this topic and for everyone who has contributed to the shaping of these policies).
Software
Status |
Category |
Name |
Version |
Issue(s) |
Owner |
Comments |
Included |
Browser |
2.0.0.2a |
|
|
Previously Torpark |
|
Included |
Device |
|
|
|
||
Included |
OS |
2006.1 |
|
|
|
|
Included |
OS |
4 |
|
|
||
Included |
OS |
|
|
|||
Included |
OS |
|
|
|
||
Included |
OS |
|
|
|
||
Included |
OS |
6.1 |
|
|
||
Included |
OS |
2007.1 |
|
|
||
Included |
OS |
|
|
|
||
Included |
OS |
|
|
|
||
Included |
Package |
|
net/curl |
|
Depends on CA bundle of MirOS BSD |
|
Included |
Package |
2.0.0.14-1 |
www/firesomething |
|
(Firef*x) patched with MirOS BSD certificate bundle |
|
Included |
OS |
|
|
|
|
|
Included |
Server |
|
|
|
XMPP chat server software includes class 1 & class 3 roots |
|
Disabled |
OS |
6.10 |
|
BoF discussion Import from cacert.org.crt |
||
Stalled |
Browser |
|
|
Includes Firefox, Thunderbird, etc. Awaiting audit to meet policy |
||
Stalled |
OS |
|
|
Dependent on Mozilla inclusion per comment 2 |
||
Stalled |
OS |
|
|
The old ca-roots port (which included the CAcert certificate) was removed with the comment "Not supported by FreeBSD Security Officer anymore". The current certificate package (ca_root_nss) is a copy of the Mozilla certificate package and FreeBSD is therefore dependent on Mozilla inclusion |
||
Requested |
OS |
|
|
|||
Requested |
Browser |
|
|
Based on WebKit & uses OS X Keychain. Users can provide feedback via Safari->Report Bugs to Apple... |
||
Unknown |
OS |
|
|
|
|
|
Unknown |
OS |
- |
|
Review Request for the integration in Fedora is open |
Order: Status, Name
Organisations
The following organisations (in alphabetical order) deploy CAcert roots to their end user workstations:
Country |
City/State |
Organisation |
Comments |
Austria |
Vienna |
htl donaustadt |
Class 1 & 3 root certificates deployed to servers and workstations for students, teachers & administration |
Germany |
Bad Schussenried |
Class 1 & 3 root certificates deployed to servers and workstations for employees and customers |
|
Switzerland |
Zurich |
Class 1 & 3 root certificates deployed to servers, terminal servers and workstations for students, lecturers & administration |
|
Switzerland |
Köniz |
Class 1 & 3 root certificates deployed to workstations for students, teacher & administration |
Order: Country, City, Organisation