SSL Certificates for this Site

This site uses a “self-signed” SSL Certificate. That means that the Server Certificate was signed by “me”, rather than my paying VeriSign $300/year for the privilege of having their signature on the Certificate. The unfortunate side-effect is that you will get an annoying warning every time you visit this site that your browser does not recognize the CA (Certificate Authority) which signed the Server Certificate.

To make this warning go away, you can download my CA Certificate and add it to the list of recognized CA's in your browser. First, read the following declaration (text version)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The CA Certificate for:

      Jacques Distler
      distler@golem.ph.utexas.edu
      The University of Texas at Austin
      Physics Department
      Austin, Texas, US

has fingerprint:

      MD5 Fingerprint=59:6A:43:55:78:01:2C:D5:84:2D:07:03:E8:59:A8:C0

This CA certificate was used to sign the Server Certificate:

      golem.ph.utexas.edu
      distler@golem.ph.utexas.edu
      The University of Texas at Austin
      Physics Department
      Austin, Texas, US

which has fingerprint:      

      MD5 Fingerprint=D2:5B:9B:DB:83:B7:C3:9A:AC:7B:48:FA:42:1E:10:F4

If you believe that these are legitimate, you can load the CA Certificate
into your browser and the annoying warning messages will disappear.

                            Jacques Distler
                            Professor of Physics
                            University of Texas at Austin
                            March 15, 2003

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (Darwin)

iD8DBQE+dAI3nyqPIXpYcjcRAo39AKDEBE914u3bh9YTCBiUdaeQOEojrgCg+JYv
4eeFkCxP9XwFkGkbUl2Zn2o=
=Hwvq
-----END PGP SIGNATURE-----

And then click on to download my CA Certificate into your browser.

I've tested this in Mozilla/Netscape/... and in Internet Explorer 5.2 (MacOSX). I assume that other versions of IE will work the same way (if not, let me know).

Safari downloads the CA Certificate to your desktop and you have to manually add it to the Keychain. To do this, take the following steps.

1. Click on the above button. This will download the certificate to you hard drive and give it the infelicitous name, loadcacert.cgi.
2. Rename it to cacert.crt and place it in ~/Library/Keychains/
3. Now, at the commandline, execute the following instructions.

   cd ~/Library/Keychains/
   cp /System/Library/Keychains/X509Anchors .
   certtool i cacert.crt k=X509Anchors
   sudo cp X509Anchors /System/Library/Keychains/X509Anchors

4. Quit and restart Safari, and you should be good to go (in any WebCore-based application).

There are probably other browsers with yet-more baroque ways of adding a CA Certificate, and some with no way to add one at all (Opera?, OmniWeb?). If I can find a more general fix, I will happily implement it.

Sorry for any inconvenience.