The certificates for all we-be-smart domains are signed by the we-be-smart certificate authority. If you wish to trust all certificates signed by we-be-smart, download and install the certificate authority CAcert.crt. Most browsers will automatically correctly install the certificate when you click on that link. If that does not work for you, please refer to the detailed instructions below.
If you're running Mac OS X 10.5 or later:
If you're running Mac OS X 10.3 or 10.4:
If you're running Mac OS X 10.0, 10.1, or 10.2:You need to follow a more complicate set of instructions, since Safari did not yet automatically install certificate authorities. To install the we-be-smart CA, download CAcert.der to your desktop and execute the following commands in a shell:
cd ~/Library/Keychains cp ~/Desktop/CAcert.der . cp /System/Library/Keychains/X509Anchors . certtool i CAcert.der k=X509Anchors d sudo cp X509Anchors /System/Library/Keychains/X509Anchors
If you want to have your openssl-based apps (e.g. pine-ssl) trust any certificate signed by the we-be-smart certificate authority, do the following:
By means of explanation: 03ebf8c5 is the x509 hash for the we-be-smart CA. openssl checks $SSLDIR/certs/########.0 (where ######## is the hash of the signing certificate) to see if it trusts a signing certificate.
If you want to verify the hash for the CA after you download it, do
openssl x509 -hash -in CAcert.crt
Just click on the CA cert and follow the instructions that will pop up.
Internet Explorer Users:
Download the CA cert and save it to disk. Then double-click on it. A wizard will pop up and will walk you through installing it—unless you're doing something weird, just press "Next" a bunch of times and then "Finish".
There is a more detailed walkthrough here, but that's for MIT - instead of their cert, use ours.