DFN-PKI CA-certificates
Script not avaible at the moment…
About DFN-Certs and the problem
DFN provides a root-certificate to validate pages, which uses this. It isn’t for free, unlike CAcert.org. Most pages are websites of universities in Germany, for example the Cologne University of Applied Sciences. DFN uses a root-certificate of \TeleSec Trust Center which should be trusted by Micro$oft Windoze, but I’ve never seen one in other software-distributions, like the popular browser Mozilla Firefox or GNU/Linux-distributions.
I need these root certificates, as some other people too.
Script for automatical installtion
Attention before you read next!
It should be safe to download this file, but every download of something with unknown source is a security risc! Downloading a browser is a security risc too. It’s tainted. Additionally, if you download it via https, you can’t know if the CA-Certificate isn’t tainted, because the browser you use for download could be tainted itself, and so on.
You have to keep in mind, that you don’t know, if you can trust me, my server and DFN.
Use it on your own risc!
For an automatic install of all DFN-CA-certificates you can use this script. Tested on Gentoo and Ubuntu.
Debian/Ubuntu users first should install ca-certificates:
sudo apt-get install ca-certificatesYou can also execute the script directly without download:
sudo sh -c "$(wget -O- https://www.denkn.de/dfn-ca.install.sh)" -- -d /usr/share/ca-certificates/dfnFor browsers
You can find certificates here or you just use the following list of all needed certificates in PEM.
Click and install it to your browser.
-
Global:
-
Classic:
-
Grid:
-
Basic:
-
WWW Policy certificate is valid but no certificates will be created in future with this. It’s in DER, not PEM. To convert:
openssl x509 -in www-policy-root-ca.der -inform DER -out www-policy-root-ca.crt
> download script <
TODO: Links to related pages.
