Testserver Setup and technical details

This is a reverse engineering notepad on how the Testserver test.cacert.org has been set up.


The OpenSSL config files in /etc/ssl should be adjusted: crlDistributionPoints, authorityInfoAccess, ...

The Testserver keys have to be provided for download.

Signer Client





pages/index/feed.rss get displayed as Latest news on the startpage. Sample page:

<?xml version="1.0" encoding="UTF-8"?><!-- generator="WordPress/2.5.1" -->
<rss version="0.92">
                <title>CAcert NEWS Blog</title>
                <description>CAcert NEWS and up coming events.</description>
                <lastBuildDate>Fri, 20 Aug 2010 11:54:30 +0000</lastBuildDate>

                        <title>Looking for confirmation email on creating account?</title>
                        <description>Please go to https://ca-mgr1.it-sls.de/login login with your just created account and password. Under MAIL you'll find your individual confirmation email.


The testserver runs a postfix MTA and a dovecot IMAP server.

It looks like all(?) mails sent by the CAcert website installation are redirected into a single IMAP mailbox. The TestManager then accesses this mailbox and filters them for the mails to be shown to the logged in user.

The redirection is achieved by this directive in /etc/postfix/main.cf:

virtual_alias_maps = regexp:/etc/postfix/virtual.regexp 

with virtual.regexp containing

 /.*/    cacertmail 


It is not essential to set up a CATS server, since passed tests can be created by the TestMgr.

Changes to the release branch

Currently some files of the cacert-devel release branch have to be changed to set up the testserver.1

Note that all those settings should go into a "configuration file" in the future, so that the release branch can be used for a testserver, with all necessary changes included only in config files.

Not in the repository:


  1. The necessary changes should be included in the Git branch testserver-mods, but since such branches get somewhat outdated as time passes I'm trying to describe the changes in text form. (1)

  2. "Work around CRLs redirecting to crl.cacert.org", I don't yet understand this... (2)

Software/Assessment/testserver/setup (last edited 2019-07-08 18:59:39 by BernhardFröhlich)