|
The certificates for all we-be-smart domains are signed by the we-be-smart certificate authority. If you wish to trust all certificates signed by we-be-smart, download and install the certificate authority CAcert.der. Safari Users:If you're running Mac OS X 10.5:
If you're running Mac OS X 10.3 or 10.4:
If you're running Mac OS X 10.0, 10.1, or 10.2: You need to follow a more complicate set of instructions, since Safari did not yet automatically install certificate authorities. To install the we-be-smart CA, download CAcert.der to your desktop and execute the following commands in a shell:cd ~/Library/Keychains cp ~/Desktop/CAcert.der . cp /System/Library/Keychains/X509Anchors . certtool i CAcert.der k=X509Anchors d sudo cp X509Anchors /System/Library/Keychains/X509Anchors openssl users:If you want to have your openssl-based apps (e.g. pine-ssl) trust any certificate signed by the we-be-smart certificate authority, do the following:
By means of explanation: bb8e82f9 is the x509 hash for the we-be-smart CA. openssl checks $SSLDIR/certs/########.0 (where ######## is the hash of the signing certificate) to see if it trusts a signing certificate. If you want to verify the hash for the CA after you download it, do openssl x509 -hash -in CAcert.crt Mozilla/Firefox/Thunderbird Users:Just click on the CA cert and follow the instructions that will pop up. Internet Explorer Users:Download the CA cert and save it to disk. Then double-click on it. A wizard will pop up and will walk you through installing it—unless you're doing something weird, just press "Next" a bunch of times and then "Finish". There is a more detailed walkthrough here, but that's for MIT - instead of their cert, use ours. |