[moon] home
IPv4

/~erlkonig/certs/

This is an SSI/CGI/PERL-generated dynamic index
parent
[parent webpage]

server
[webserver base]

search
[search erlkonig webpages]

trust
[import certificates]


homes
[talisman]
[zoion]

My personal certificate is the erlkonig-ca.crtin the listing below.
Activating the link will add it as a certifying authority to your browser,
and thereby automatically gain the use of all of the other derived certs.

Instructions for certificate installation into web and email clients:

On verifying the erlkonig-ca.crt certificate: you can optionally contact me to verify that the SHA1 thumbprint matches the one I created for Talisman, or otherwise try to verify it's the correct one. It'll probably be something like B9EDFBF1 F6D6380E AF944656 2CB0762C BF61F350 until 2019 or so (fingerprints are checked against actual certificate files using the command openssl x509 -fingerprint < certificate by admins)

  • For Web Browsers
    1. While visiting this webpage in the browser of interest
    2. Click to add Alex's erlkonig-ca.crt as a Certificate Authority
    3. The browser should prompt for confirmation; here's what to do in some of the major browsers:
      • Opera 6.02 RPM (6.0 and 6.03 from the non-RPM under RedHat both fail)
        1. click OK
      • Mozilla and Firefox, title "Downloading Certificate"
        1. check all the boxes (web sites is required, the others are recommended), then click Next>
        2. click OK
      • Netscape 4.78, title "New Certificate Authority"
        1. read the first two descriptions, clicking Next> after each
        2. check all the boxes (network sites is required, the others are recommended), then click Next>
        3. verify that the "Warn me" checkbox is unchecked, the click Next>
        4. You may name the certificate ("Erlkonig (Alex) CA" for example); enter a name and then click Finish
      • Google Chromium (only slightly less awful than IE 8 for this process)

        I'm not entirely sure this is worth the trouble, since I've seen Chromium display the same webpage in two different tabs and yet still decide only one of them deserved the pretty green https, stamping the other with red. From an SSL perspective, this browser is not ready for prime time (2011-04).

        1. Right click on the above (or this) Click to add Alex's erlkonig-ca.crt as a Certificate Authority
        2. Use the Save Link As option. Yep, Google really makes you do this.
        3. Save it somewhere you can find it in a minute, probably still with the name erlkonig-ca.crt
        4. Back in any Chromium window, click on the cute little wrench icon near the top right corner, the one with the hover help of Customize and control Chromium.
        5. Select Preferences
        6. In the new tab, on the left, Select Under the Hood
        7. In the lower HTTPS/SSL section, click on Manage Certificatess
        8. Select the Authorities tab.
        9. Click on the Import button.
        10. Locate the certificate file you saved, select it, and hit Open
        11. In the popup Do you want to trust C. Alex. North-Keys as a Certification Authority?, enable all three trust checkboxes and then click Okay.
        12. For the new certificate to take effect, you'll need to kill and restart Chromium. Which is ridiculous and someone should really post a bug report.
          2011 Update: They have! Sweet! You now may not need a restart to benefit from a new certificate!
      • IE 5 and 6 title "File Download" (by far the worst interface to this process)
        1. If IE produces a box saying "Getting File Information" (with a graphic of file transfer animating), hit Cancel and then shift-click again on the link on this page.
        2. Select “Open this file from its current location”
        3. click OK
        4. in the new "Certificate" window, click on Install Certificate
        5. in the new "Certificate Manager Import Wizard" click Next
        6. in the "Select a Certificate Store" dialog, click Next
        7. click Finish
        8. in the "Root Certificate Store" alert, click Yes
        9. in the "The import was successful" dialog, click OK
        10. in the still-present "Certificate" window, click OK
      • IE 8, title "File Download" (by far the worst interface to this process)
        1. When IE8 asks “Do you want to open or save this file?” Select Open
        2. When IE8 announces “ A website wants to open web content using this program on your computer ” Select Allow
        3. In the new "Certificate" window, click Install Certificate
        4. In the new "Certificate Import Wizard / Welcome..." click Next >
        5. In the next step, "Certificate Store", set “Place all certificates in the following store”
        6. Click Browse...
        7. In the “Select Certificate Store” dialog, find and select “Trust Root Certification Authorities”, then click OK
        8. Back in the “Certificate Import Wizard”, click Next >
        9. Click Finish
        10. In the next window, “You are about to install a certificate from a certification authority (CA) claiming to represent:” [...] Verify the certificate fingerprint as described earlier.
        11. Click Yes
        12. In the Certificate Import Wizard popup that says “The import was successful.”, click OK
        13. In the still-present "Certificate" window, click OK
    4. Now try browsing to https://www.talisman.org/ and see if it works now. Note that some web browsers (Microsoft's especially) will still complain even though you've personally just confirmed the certificate.
    5. If you get an alert that a webpage is delivering a mix of secure and insecure content, it generally means that the Google ads are being delivered insecurely. Choosing only secure content will conveniently block the ads, so feel free.
  • For Email Clients click OK
  • For Email Clients
    1. In most browsers, you can save the certificate to a file with:
      1. Right click-and-hold on erlkonig-ca.crt and select Save Link As...
      2. Using the resulting dialog box, Select and remember a location to which to save the file, and save it there.
    2. Once saved, here's what to do in some of the various email clients:
      • Thunderbird
        1. In Thunderbird's top menubar, go through: EditPreferences, tab Advanced, subtab Certificates, click on View Certificates
        2. In the Certificate Manager window, select the Authorities tab
        3. Under the certificate list, select the button Import
        4. In the filesystem browser dialog, locate the saved certificate from earlier, select it, and open it (either by double-clicking the certificate name, or single-clicking and then clicking a button such as Open )
        5. In the next dialog, configure the certificate trust settings to allow general use by checking all three of the This certificate can identify... lines for web sites, mail users, and software makers.
        Certificate installation should now be complete.
  • Icon Name (6)         Bytes (28594) Last Change, CDT  Document Title

     [back]  Parent Dir               4096  2017-06-11 02:25
     [folder]  Obsolete                 4096  2009-01-01 01:10
     [generic.sec]  erlkonig-2019-ca.crt     1139  2011-12-09 10:51
     [unknown]  erlkonig-ca.crl             0  2002-11-17 06:52
     [generic.sec]  erlkonig-ca.crt          1139  2011-12-09 10:46
     [unknown]  erlkonig-ca.crt+txt      3709  2011-09-27 02:24
    
    encrypt lang [de jp fr] diff backlinks (sec) validate printable
    Klein bottle for rent; inquire within.
    [ Your browser's CSS support is broken. Upgrade! ]
    alexsiodhe, christopher north-keys, christopher alex north-keys