This page speaks of things to come. The MirBSD Infrastructure CA has been prepared by tg@ in favour of CAcert.org, which is on its descend. The Root Certificate (PEM) and a detached PGP/GnuPG signature of it are available for download.
The file /etc/ssl/certs/cd3d9c87.0 on MirOS systems, or these with our ca-bundle installed, already contains this Root CA Certificate.
Certificate: Data: Version: 3 (0x2) Serial Number: 0 (0x0) Signature Algorithm: sha1WithRSAEncryption Issuer: C=DE, ST=NW, L=Bonn, O=MirSolutions Thorsten Glaser, O=MirBSD, OU=The MirOS Project, CN=MirBSD CA for MirOS infrastructure Root CA Certificate Validity Not Before: May 16 13:37:09 2009 GMT Not After : May 16 13:37:09 2015 GMT Subject: C=DE, ST=NW, L=Bonn, O=MirSolutions Thorsten Glaser, O=MirBSD, OU=The MirOS Project, CN=MirBSD CA for MirOS infrastructure Root CA Certificate Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (5120 bit) […] X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE, pathlen:0 X509v3 CRL Distribution Points: URI:https://ca.mirbsd.org/ca.crl URI:https://call.mirbsd.org/ca.crl […] Netscape CA Policy Url: https://ca.mirbsd.org/ca.htm […] Netscape Comment: No Liability accepted! Use by MirBSD and for The MirOS Project only. X509v3 Subject Alternative Name: DNS:mirbsd.de, URI:https://ca.mirbsd.org/ca.cer X509v3 Subject Key Identifier: 04:A6:75:51:3A:D5:B1:59:70:0D:FF:DE:B6:E1:BC:9D:26:05:ED:9E Signature Algorithm: sha1WithRSAEncryption […]
Please note that ca.mirbsd.org is only reachable using IPv6 at this time.
Policy: only sign things (mostly infrastructure, but possibly developer eMail or VPN certificates) related to MirBSD™ or The MirOS Project, with great care of manual verification. The Root CA key is backed up and secure but used on systems with network access. The signed certificates are used on systems with network access, sometimes even shared systems, i.e. where other people have superuser privileges. No liability accepted.