'''English''' | [[InclusionStatus/IT|Italiano]] = Browser Inclusion Status = === Status === Traditionally vendors seeking to have their root certificates included in browsers (directly or via the underlying OS infrastructure like Safari via OS X's Keychain) would have to seek an expensive [[http://www.webtrust.org/|Webtrust]] audit (~$75,000 up-front plus ~$10,000 per year). While achievable for commercial CAs who typically charge per certificate year, this is typically out of the reach of non-profit organisations like CAcert. CAcert's primary focus and largest challenge at present is to meet the fair but firm [[http://www.mozilla.org/projects/security/certs/policy/|policy]] of Mozilla with a view to inclusion in their products, including the popular [[http://www.mozilla.com/firefox/|Firefox]] browser (see Mozilla bug [[https://bugzilla.mozilla.org/show_bug.cgi?id=215243#c158|215243]]). To that end an [[Audit]] is underway (you can refer to the AuditToDo list for progress and our [[http://www.cacert.org/cps.php|Certificate Policy Statement]] is being refined at [[CPS]] (many thanks to [[http://web.archive.org/web/20041204020023/http://ca.barmala.com/index.de.php|Christian Barmala]]'s work on this topic and for everyone who has contributed to the shaping of these policies). If you are unsatisfied with the rate of progress that is done you are welcome to [[HelpingCAcert]] the various teams by contributing your time for support, arbitration or software assessment. Please keep in mind, that there are also [[Browser_Exclusions]] for other CA in recent time. == Software == === OS === ||'''Status'''||'''Category'''||'''Name'''||'''Version'''||'''Issue(s)'''||'''Owner'''||'''Comments'''|| ||<#80FF80>Included||OS||[[http://replicant.us/|Replicant (Android)]]|| || || || [[https://gitorious.org/replicant/libcore/commit/b32087cc78dfd13aac9e6476266cf211b179af2f|Commit]] || ||<#80FF80>Included||OS||[[http://arklinux.org/|ArkLinux]]||2006.1|| || || || ||<#4169e1>Contain||OS||[[http://debian.org/|Debian]]|| ||[[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=213086|213086]] [[https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718434#129|718434]] [[https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785423|785423]] || || not included in ca-certificates since march 2014, but available as package ca-cacert || ||<#80FF80>Included||OS||[[http://www.mandalka.name/privatix/index.html.en|Privatix]]|| || || || Privatix is based on Debian GNU/Linux. || ||<#80FF80>Included||OS||[[http://freewrt.org/|FreeWRT]]|| ||[[http://www.freewrt.org/trac/ticket/1|1]]|| || || ||<#80FF80>Included||OS||[[http://gentoo.org/|Gentoo]]|| ||[[http://bugs.gentoo.org/show_bug.cgi?id=93520|93520]]|| || || ||<#80FF80>Included||OS||[[http://knoppix.org/|Knoppix]]||6.1|| || ||[[http://www.tdj23.com/media/cacert_knoppix6.1.png|screenshot]] ~-[dead link]-~|| ||<#80FF80>Included||OS||[[http://mandriva.com|Mandriva]]||2007.1/2008.1/2009.1/2010.0/cooker||[[http://qa.mandriva.com/show_bug.cgi?id=23171|23171]] [[http://qa.mandriva.com/show_bug.cgi?id=31567|31567]] [[http://qa.mandriva.com/show_bug.cgi?id=34790|34790]]|| || || ||<#80FF80>Included||OS||[[http://www.grml.org/|GRML]]|| || || ||[[http://grml.org/screeni/cacert.png]] ~-[dead link]-~|| ||<#80FF80>Included||OS||[[http://mirbsd.de/|MirOS BSD]]|| || || ||[[https://www.mirbsd.org/wlog-7.htm|changelog]]|| ||<#80FF80>Included||OS||[[http://www.archlinux.org/|Arch Linux]]|| || || || Seems to be included again since end of 2014: [[https://www.archlinux.org/packages/core/any/ca-certificates-cacert/]] || ||<#FF0000>Removed||OS||[[http://openbsd.org/|OpenBSD]]|| || || || Was included until 5.6, when it was removed with [[https://marc.info/?l=openbsd-cvs&m=139705404731140&w=2|a comment]] citing conflict with CAcert's redistribution license: "Notably this removes CAcert who it turns out have strict requirements on redistribution (http://www.cacert.org/policy/RootDistributionLicense.php) which we don't meet."|| ||<#80FF80>Included||Server||[[http://www.igniterealtime.org/projects/openfire/index.jsp|Openfire]]|| || || ||XMPP chat server software includes class 1 & class 3 roots|| ||<#FFFF80>Disabled||OS||[[http://centos.org/|CentOS]]||3, 4|| || ||[[http://web.archive.org/web/20070504231933/http://www.centos.org/modules/newbb/viewtopic.php?topic_id=50&forum=2&post_id=68|announcement]], [[http://www.centos.org/modules/newbb/viewtopic.php?viewmode=thread&order=ASC&topic_id=12791&forum=37|version 5 question]]|| ||<#FFFF80>Disabled||OS||[[http://ubuntu.org/|Ubuntu]]||6.10||[[http://packages.ubuntu.com/ca-certificates|ca-certificates]]|| ||[[https://wiki.ubuntu.com/UbuntuDownUnder/BOFs/CACertInclusion|BoF]] [[http://blog.cacert.org/2005/04/4.html|discussion]] Import from [[file:///usr/share/ca-certificates/cacert.org/cacert.org.crt|cacert.org.crt]]|| ||<#FF8040>Stalled||OS||[[http://fedoraproject.org/|Fedora]]|| ||[[https://bugzilla.redhat.com/show_bug.cgi?id=120280|120280]]|| ||Dependent on Mozilla inclusion per [[https://bugzilla.redhat.com/show_bug.cgi?id=120280#c2|comment 2]]|| ||<#FF8040>Stalled||OS||[[http://freebsd.org/|FreeBSD]]|| ||[[http://www.freshports.org/security/ca-roots/|ca-roots]] [[http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/ca_root_nss/|ca_root_nss]]|| ||The old ca-roots port (which included the CAcert certificate) was removed with the comment "Not supported by FreeBSD Security Officer anymore". The current certificate package (ca_root_nss) is a copy of the Mozilla certificate package and FreeBSD is therefore dependent on Mozilla inclusion|| ||Requested||OS||[[http://www.apple.com/macosx|Mac OS X]]|| ||[[http://bugreport.apple.com/|5585471]]|| ||[[http://www.apple.com/certificateauthority/ca_program.html|Policy]] requires [[http://www.webtrust.org/|WebTrust]] audit|| ||Unknown||OS||[[http://www.symbian.com/|Symbian OS]]|| || || || || ||Unknown||OS||[[http://www.fedoraproject.org|Fedora]]|| - || [[https://bugzilla.redhat.com/show_bug.cgi?id=474549|474549]]|| || [[https://bugzilla.redhat.com/show_bug.cgi?id=474549|Review Request]] for the integration in Fedora is open|| ||<#4169e1>Contain||OS||[[http://www.opensuse.org/|openSUSE]]|| || || || openSUSE package [[http://software.opensuse.org/package/ca-certificates-cacert|ca-certificates-cacert]] contains CAcert root certificates. The user may install it; it is not automatically installed during installation procedure. [[https://lists.cacert.org/wws/arc/cacert/2012-12/msg00025.html|ref.]]|| ||Unknown||OS||[[http://www.suse.com/|Suse]]|| || || || || Order: Status, Name === Browser, etc. === ||'''Status'''||'''Category'''||'''Name'''||'''Version'''||'''Issue(s)'''||'''Owner'''||'''Comments'''|| ||<#80FF80>Included||Browser||[[http://xerobank.com/xB_Browser.php|XeroBank]] ~-[dead link]-~||2.0.0.2a|| || ||Previously Torpark|| ||<#80FF80>Included||Device||[[http://en.wikipedia.org/wiki/Nokia_770_Internet_Tablet|Nokia 770]]/[[http://en.wikipedia.org/wiki/Nokia_N800|N800]]/[[http://en.wikipedia.org/wiki/Nokia_N810|N810]] (not N900)|| || || ||[[http://europe.nokia.com/nokia/0,,75023,00.html|product page]]|| ||<#80FF80>Included||Package||[[http://mirbsd.de/ports|MirPorts Framework]]|| ||net/curl|| ||Depends on CA bundle of MirOS BSD|| ||<#80FF80>Included||Package||[[http://mirbsd.de/ports|MirPorts Framework]]||2.0.0.14-1||www/firesomething|| ||(Firef*x) patched with MirOS BSD certificate bundle|| ||<#80FF80>Included||Server||[[http://www.igniterealtime.org/projects/openfire/index.jsp|Openfire]]|| || || ||XMPP chat server software includes class 1 & class 3 roots|| ||<#FF8040>Stalled||Browser||[[http://mozilla.org/|Mozilla]]|| ||[[https://bugzilla.mozilla.org/show_bug.cgi?id=215243|215243]]|| ||Includes Firefox, Thunderbird, etc. Awaiting [[http://wiki.cacert.org/wiki/Audit|audit]] to meet [[http://www.mozilla.org/projects/security/certs/policy/|policy]], we still have some [[Audit/ToDo|work to do]]|| || Requested ||Browser||[[https://www.palemoon.org/|PaleMoon]]|| || [[https://wiki.cacert.org/Brain/CAcertInc/Committee/MeetingAgendasAndMinutes/2016-02-07 |Minutes]] || Moonchild Productions || || ||Requested||Browser||[[http://www.apple.com/safari/|Safari]]|| ||[[http://bugreport.apple.com/|5829965]]|| Apple ||Based on [[http://webkit.org/|WebKit]] & uses OS X Keychain. Users can provide feedback via ''Safari->Report Bugs to Apple...''|| || ||Browser||[[http://www.icab.de/|iCab]]|| || || Alexander Clauss || Macintosh only || || ||Browser||[[https://konqueror.org/|Konqueror]]|| || || KDE Project|| || || ||Browser||[[http://www.opera.com |Opera]]|| || || Opera Software || || || ||Browser||[[https://vivaldi.com/|Vivaldi]]|| || || Vivaldi Technologies || || || ||Browser||[[http://www.srware.net/software_srware_iron.php|Iron]]|| || || SRWare || Chrome ohne Spionagefunktionen (Android, Linux, Macintosh, Windows) || || ||Browser||[[http://www.ucweb.com/company/about/|UC Browser]]|| || || UC Web / Alibaba Group || Mobile phones, ... || Order: Status, Name (more browsers: https://www.browser-statistik.de/browser/ ) == Organisations == The following organisations (in alphabetical order) deploy CAcert roots to their end user workstations: ||'''Country'''||'''Town/State'''||'''Organisation'''||'''Comments'''|| ||Austria||Vienna||[[http://www.htl-donaustadt.at|htl donaustadt]]<
>(Secondary Technical and Vocational College)||Class 1 & 3 root certificates deployed to servers and workstations for students, teachers & administration|| ||Germany||Bad Schussenried||[[http://www.mse-it.de/|MSE-iT Software Development]]||Class 1 & 3 root certificates deployed to servers and workstations for employees and customers|| ||Germany||München||[[https://rootca.allianz.com/de/secumail_calist.htm|Allianz Gruppe]]||Class 1 & 3 root certificates deployed to servers and workstations for employees and customers|| ||Switzerland||Zurich||[[http://www.hgkz.ch|University of Applied Sciences and Arts (HGKZ)]]||Class 1 & 3 root certificates deployed to servers, terminal servers and workstations for students, lecturers & administration|| Order: Country, Town, Organisation Here you will find a list of [[OrganisationAssurance/OrganisationList|assured Organisations]] For [[InclusionStatus/Recognition|advanced electronic signatures]] see [[InclusionStatus/Recognition|here]]. == History == The past of browser inclusion from 2002 to 2008: http://iang.org/papers/open_audit_lisa.html ---- .CategoryAudit