This page speaks of things to come. The MirBSD Infrastructure CA has been prepared by tg@ in favour of CAcert.org, which is in decline. The Root Certificate (PEM) and a detached PGP/GnuPG signature of it are available for download.
The file /etc/ssl/certs/cd3d9c87.0 on MirOS systems, or on those with our ca-bundle installed, already contains this Root CA Certificate.
Specifics:
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=DE, ST=NW, L=Bonn, O=MirSolutions Thorsten Glaser,
                O=MirBSD, OU=The MirOS Project,
                CN=MirBSD CA for MirOS infrastructure Root CA Certificate
        Validity
            Not Before: May 16 13:37:09 2009 GMT
            Not After : May 16 13:37:09 2015 GMT
        Subject: C=DE, ST=NW, L=Bonn, O=MirSolutions Thorsten Glaser,
                O=MirBSD, OU=The MirOS Project,
                CN=MirBSD CA for MirOS infrastructure Root CA Certificate
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (5120 bit)
                […]
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE, pathlen:0
            X509v3 CRL Distribution Points:
                URI:https://ca.mirbsd.org/ca.crl
                URI:https://call.mirbsd.org/ca.crl
            […]
            Netscape CA Policy Url:
                https://ca.mirbsd.org/ca.htm
            […]
            Netscape Comment:
                No Liability accepted! Use by MirBSD and for The MirOS Project only.
            X509v3 Subject Alternative Name:
                DNS:mirbsd.de, URI:https://ca.mirbsd.org/ca.cer
            X509v3 Subject Key Identifier:
                04:A6:75:51:3A:D5:B1:59:70:0D:FF:DE:B6:E1:BC:9D:26:05:ED:9E
    Signature Algorithm: sha1WithRSAEncryption
        […]

Please note that ca.mirbsd.org is only reachable using IPv6 at this time.
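An added example (not part of the original page or of MirBSD's tooling): a Python check that compares the text dump of a downloaded certificate with the Specifics published above. The names parse_dump, check, EXPECTED_CN, EXPECTED_SKI and DUMP are assumptions of this example, and DUMP is an abridged copy of the dump on this page. A match only shows that the file is consistent with this page; the detached PGP/GnuPG signature is what authenticates it.

```python
import re
from datetime import datetime

# Values published in the Specifics dump on this page.
EXPECTED_CN = "MirBSD CA for MirOS infrastructure Root CA Certificate"
EXPECTED_SKI = "04:A6:75:51:3A:D5:B1:59:70:0D:FF:DE:B6:E1:BC:9D:26:05:ED:9E"
# Abridged copy of that dump (as `openssl x509 -noout -text` would print it).
DUMP = """\
Issuer: C=DE, ST=NW, L=Bonn, O=MirSolutions Thorsten Glaser,
        O=MirBSD, OU=The MirOS Project,
        CN=MirBSD CA for MirOS infrastructure Root CA Certificate
Validity
    Not Before: May 16 13:37:09 2009 GMT
    Not After : May 16 13:37:09 2015 GMT
Subject: C=DE, ST=NW, L=Bonn, O=MirSolutions Thorsten Glaser,
        O=MirBSD, OU=The MirOS Project,
        CN=MirBSD CA for MirOS infrastructure Root CA Certificate
X509v3 Basic Constraints: critical
    CA:TRUE, pathlen:0
X509v3 Subject Key Identifier:
    04:A6:75:51:3A:D5:B1:59:70:0D:FF:DE:B6:E1:BC:9D:26:05:ED:9E
"""

def parse_dump(text):
    """Extract the fields this page publishes from the text dump."""
    def grab(pattern):
        m = re.search(pattern, text)
        return m.group(1).strip() if m else None
    def when(label):  # e.g. "Not After : May 16 13:37:09 2015 GMT" (UTC, naive)
        raw = grab(label + r"\s*:\s*(.+?) GMT")
        return raw and datetime.strptime(raw, "%b %d %H:%M:%S %Y")
    return {
        "cns": set(s.strip() for s in re.findall(r"CN\s*=\s*(.+)", text)),
        "basic": grab(r"Basic Constraints:.*\n\s*(.+)"),
        "ski": grab(r"Subject Key Identifier:\s*([0-9A-Fa-f:]+)"),
        "start": when("Not Before"), "end": when("Not After"),
    }

def check(text, now):
    """Return mismatches against the published values; [] means all match."""
    f = parse_dump(text)
    checks = [
        (f["cns"] == {EXPECTED_CN}, "issuer/subject CN differs"),
        ((f["ski"] or "").upper() == EXPECTED_SKI, "Subject Key Identifier differs"),
        (f["basic"] == "CA:TRUE, pathlen:0", "Basic Constraints differ"),
        (bool(f["start"] and f["end"]) and f["start"] <= now <= f["end"],
         "outside validity period"),
    ]
    return [msg for ok, msg in checks if not ok]
```

Pass `now` as a naive UTC datetime, for example `check(DUMP, datetime.utcnow())`.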
Policy: only sign things (mostly infrastructure, but possibly developer e-mail or VPN certificates) related to MirBSD™ or The MirOS Project, with careful manual verification. The Root CA key is backed up and secure but used on systems with network access. The signed certificates are used on systems with network access, sometimes even shared systems, i.e. where other people have superuser privileges. No liability accepted.

