SSL Certificates

Overview

Some nerdylorrin.net services are protected with SSL. SSL is designed to provide encryption as well as authentication. Authentication is achieved by the server sending a certificate signed by a trusted third party, such as Thawte or Verisign. Instead of paying either of them to sign my certificates, I’ve signed them myself. Until you tell your computer to trust certificates signed by nerdylorrin.net, you’ll see warning messages. Follow the steps below to prevent the warnings.

Mac OS X Instructions

If you haven’t installed the nerdylorrin.net certificate authority’s certificate you’ll see the following security alert:finder_missing_cert.png

  1. Click Cancel
  2. Right-click the following link and download the nerdylorrin.net certificate authority’s certificate.
  3. Double-click the downloaded cacert.pem file
  4. Keychain.app should launch and display a prompt about what to do with the certificate
  5. Select to add it to the X509 Anchors Keychain and click OK

Microsoft Windows Instructions

If you haven’t installed the nerdylorrin.net certificate authority’s certificate you’ll see the following security alert:
ie_missing_cert.png

  1. Click View Certificate
  2. Click the Certification Path tab
  3. You’ll see the following dialog indicating the child certificate is good but the CA certificate is unknown.
    ie_cert_path.png
  4. Select “nerdylorrin.net CA” and click View Certificate (again!)
  5. Click Install Certficate and click through the wizard

Mozilla Firefox / Thunderbird Instructions

Mozilla apps don’t make use of the certificates registered with the operating system and must be updated separately. If you haven’t installed the nerdylorrin.net certificate authority’s certificate you’ll see the following security alert:
mozilla_missing_cert.png

  1. Click Cancel
  2. Right-click the following link and download the nerdylorrin.net certificate authority’s certificate.
  3. Open Prefences (or Options) and navigate to Advanced -> Encryption (or Certificates): mozilla_prefs.png
  4. Click View Certificates to bring up the Certificate Manager.mozilla_manager.png
  5. Click Import. Select the cacert.pem file downloaded earlier.
  6. You’ll see the following dialog prompting for how to use the certificate:mozilla_import.png
  7. Select Trust this CA to identify web sites (even for Thunderbird!) and click OK

No comments

Comments feed for this article