CAcert Assurer Challenge
Have you passed the Assurer Challenge yet?
The Assurer Challenge is now open!
Read below to find out how to pass!
Introduction to the Assurer Challenge
To meet the increased demands on quality assurance arising from the CAcert Systems Audit, which is required for inclusion in Mozilla's browsers, CAcert has decided to initiate a Challenge for all Assurers. To be an Assurer, you will need to reach 100 assurance points, and you will have to pass the Assurer Challenge.
In addition to new Assurers, all existing Assurers have to pass the Assurer Challenge in order to keep their status.
The goal of the test is to give Assurers some basic knowledge about the process of assurance, technical aspects of certificates, as well as some information about CAcert itself and computer security in general.
How to Approach the Assurer Challenge
There are different ways to tackle the test. The preferred one is to have a thorough look at the AssuranceHandbook2, and maybe Assurer Training (English, PDF version). Those documents should contain enough information to pass the test.
Nevertheless you should not expect to pass the test on your first attempt (indeed, it is designed to be hard to pass at the first attempt). There are some unusual questions and answers included, and the questions and answers are the subject of continual quality improvement. When you have reached the end of your attempt, the test will debrief you with all the questions answered -- correctly and incorrectly. This is your chance to prepare for another attempt.
You can try the Assurer Challenge as often as you like, even after having passed, and you can make a new try immediately after you got the result of the last one. Some people even like to retry until they get perfect scores!
If you have suggestions for improvement, or if you don't understand the answer to a question, send a mail to cacert-education@lists.cacert.org, so we can see whether we indeed made a mistake or whether we can give you an explanation.
Accessing the test --> Get a Client Certificate
The Assurer Challenge uses your CAcert client certificate!
Certificates are part of the challenge!
To access the test page you will need a valid client certificate signed by CAcert. If you don't know how to handle client certificates you should start with the ClientCerts page of this wiki. Setting up a client certificate in your browser is considered part of the test about technical aspects.
Once you have installed the client certificate you can log in to CATS by clicking Login (top right). At the first login the details of your client certificate are shown for verification (top right). You can click on Info (top right) to see more details within the client certificate.
Note: If you want a printed or PDF Certificate for passing the test, please remember to use a digital client certificate that includes your name, since the name in the printed/PDF Certificate will be taken from the digital client certificate you use to log in to CATS.
Go for it
Try the Assurer Challenge now!
Quick pre-conditions: (a) check out the Handbook, (b) install your cert, (c) spend 5 minutes!
If you feel confident, and you have your client certificate installed in your browser, just give it a try at https://cats.cacert.org/
Other languages
A German version of the Challenge will soon be available; a Dutch translation has been started but still needs a bit of work.
If you want to help translate the Challenge into your preferred language, please ask on the education mailing list.
Doing the Assurer Challenge
Once you are successfully logged in, you can either start a test or have a look at your learning progress.
- Click on the Tests button (upper left).
- Select the kind of test on the right-hand side. Currently there is only the English version available, but others are coming.
- Click start test to open the questionnaire.
Note to Firefox Users: If you cannot find the Tests button then increase the width of your browser window. Firefox only shows all of the buttons if there is enough room.
There are three different kinds of questions.
- Most browsers render questions with exactly one correct answer by painting round "radio buttons".
- Questions with one or more correct answers have square "checkboxes" beside them. Those are the difficult ones: to answer correctly you have to check all correct answers (at least one, maybe all) and no false one.
- The third kind of question consists of a sentence where some words have to be selected correctly from a combo box.
When you think you have answered all questions, press "evaluate test" at the bottom of the questionnaire.
Certificate of Achievement
CAcert offers to send you a signed Certificate once you have passed the Assurer Challenge. This Certificate provides evidence that you are an Assurer, and it may help you with employment possibilities in the IT or security area.
You can ask for an electronic certificate (a PDF file) or a paper certificate (mailed). Note that this Certificate is not the same as the (digital) client certificate that you use to log in to the site; it just uses the same word. We need a less confusing name...
Both kinds of Certificates are handled manually, so please be patient. Give us a week before nagging us.
Electronic (PDF) Certificate
The Electronic Certificate is in PDF form, and contains a digital signature by the CAcert representative authorised to sign education certificates (EducationOfficer). This digital signature can be verified by someone who holds the digital copy of the PDF, or you can print it out yourself.
Electronic certificates are free, but they have to be manually processed, so you might have to wait a week until you receive yours.
Paper Certificate
Although a self-printed Certificate is nice, a personally-signed piece of high quality paper is even better.
Unfortunately there are costs involved in handling such a Certificate (for paper, ink and, most of all, postage). If you want a Paper Certificate we ask you for a donation of about 5 EUR. See http://www.cacert.org/index.php?id=13 on how to donate, or use the Donate button after passing the test.
How to request your Certificate
To request a printed/PDF certificate, send a digitally-signed mail to education@cacert.org. The signature has to be created by the same certificate you used to log in (so we can match the serial number with the number stored within CATS). If you want a printed Certificate the email has to include your postal address.
The reasons for this procedure are security and privacy, as further explained below in the Technical Desiderata. The procedure is explained once more on a page that can be displayed after you have passed a test.
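A local check you can run before sending the request, as an added example that is not part of the original page or of CAcert's own tooling: it reads the serial number of the certificate that signed an S/MIME mail and compares it with the certificate used for the CATS login. The file names, subjects and serial numbers (4097, 4098) are constructed, and the demo certificates are self-signed stand-ins for CAcert-issued ones.

```shell
#!/usr/bin/env bash
# Added example; all names, subjects and serials below are constructed.
# Serial numbers are unique only per issuing CA, so the comparison assumes
# both certificates come from the same issuer.

# Serial (hex) of a PEM certificate file.
cert_serial() {
    openssl x509 -in "$1" -noout -serial 2>/dev/null | cut -d= -f2
}

# Serial (hex) of the signer certificate embedded in an S/MIME signed mail.
signer_serial() {
    openssl smime -pk7out -in "$1" 2>/dev/null \
        | openssl pkcs7 -print_certs 2>/dev/null \
        | openssl x509 -noout -serial 2>/dev/null | cut -d= -f2
}

# Succeeds only if the mail was signed with the given login certificate.
same_cert() {
    local signer login
    signer=$(signer_serial "$1")
    login=$(cert_serial "$2")
    [ -n "$signer" ] && [ "$signer" = "$login" ]
}

# Build two self-signed stand-in certificates and a mail signed with the first.
make_demo() {
    local dir n serial=4097
    dir=$(mktemp -d)
    for n in a b; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=Constructed User $n" -set_serial "$serial" \
            -keyout "$dir/$n.key" -out "$dir/$n.pem" 2>/dev/null
        serial=$((serial + 1))
    done
    printf 'Please send my PDF certificate.\n' > "$dir/body.txt"
    openssl smime -sign -in "$dir/body.txt" -signer "$dir/a.pem" \
        -inkey "$dir/a.key" -out "$dir/mail.eml" 2>/dev/null
    echo "$dir"
}

demo=$(make_demo)
for cert in a b; do
    same_cert "$demo/mail.eml" "$demo/$cert.pem" && verdict="matches" || verdict="does NOT match"
    echo "$cert.pem (serial $(cert_serial "$demo/$cert.pem")) $verdict the mail signer"
done
rm -rf "$demo"
```

The check only compares serial numbers; it does not validate the signature or the certificate chain.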
FAQ
Q: I have more than one client certificate. How do I decide which client certificate to use to log in?
A: You should pick one and stick to it, because CATS uses that certificate (its serial number) to maintain your history of testing.
The certificate for login is generally chosen by the browser, based on information from the server about which CAs are accepted. If you have more than one acceptable certificate installed, most browsers are configured by default to "automatically" select a certificate to present to the server. And believe me, most of the time it's the wrong one!
With more than one certificate installed, especially if they are issued by the same CA with different content (e.g., name included or not), you should configure your browser to ask which certificate it should present.
Browser | Version | Dialog | Button
Firefox | German | Extras -> Einstellungen -> Verschlüsselung -> Zertifikate | "Jedes Mal fragen"
Firefox | English MacOSX | Preferences -> Advanced -> Encryption | "Ask me every time"
IE | . | also has this setting somewhere in its setup... | click
If this setting is active, you'll have to choose the certificate you want to present each time the server asks (which can be annoyingly often).
Q: Why can't I just enter my name?
A: Because we need proof that you are a CAcert member, which can easily be provided by a CAcert certificate.
Q: I can't see the buttons you are talking about.
A: On Firefox, enlarge your window. It hides buttons if there is not enough room.
Technical Desiderata
Q: What's the technical story?
A: The Assurer Challenge is hosted on the new CATS (CAcert Automated Testing System) server. The PHP system is written and managed by the EducationCampus.
Q: Why is it a separate system? Why not in the main system?
A: It is bad security practice to pump as much stuff as possible into the main critical systems. By putting the CATS system outside, we ease the load of maintaining, securing and auditing the main critical systems.
Q: What data can be compromised?
A: The only necessary information held within the CATS server is the certificate serial number, which by the nature of (public key) certificates is public information.
Q: Does that mean CATS is less secure than the main system?
A: Since only the certificate serial number is stored on the server, CATS can be designated as a non-critical system. By declaring CATS as non-critical, our load in securing and managing it is much lower.
Q: What about my name?
A: If you want a (PDF or paper) document of achievement, then we need the certificate you used to log in to the Challenge. One easy way to transmit the cert is to send us a mail signed by it. We'll take the name for the document from the certificate.
Q: What about my address?
A: If you want a paper certificate as proof, then your address will be collected for that mailing only. For security, this is currently managed outside CATS by the EducationOfficer.