About this page

This is a securely delivered mirror of the CACert Key download page. The problem is: Consider you are using an unsecure connection, but the site you want to visit servers an SSL connection (most likely HTTPS). Now you could import the CAcert Root certificate, but since it is provided over an insecure connection, too, you cannot be sure the key is right, anyway. Thus you have not archieved any benefit in security.

There would be a simple solution: If CACert would distribute it own certificates over a secured line, e.g. with a commercial SSL certificate which is already in your browser keychain. Well   they don't, so I do. Look at the certificate of this page, it's signed by the DFN and furthermore the Deutsche Telekom. There is only one hatch in the rationale: I could have changed the keys while copying them to my server. But if I or anybody with access to my server did, he must be the one who does the man-in-the-middle attack to your connection. This is much more unlikely compared to the fact that your connection is compromised by anybody who easily can edit any (unencrypted) data on your channel.

Lastmod: Tue 09. August 2011, Sven

You are bound by the Root Distribution Licence for any re-distributions of CAcert's roots.

Class 1 PKI Key
Root Certificate (PEM Format)
Root Certificate (DER Format)
Root Certificate (Text Format)
CRL
Fingerprint SHA1: 13:5C:EC:36:F4:9C:B8:E9:3B:1A:B2:70:CD:80:88:46:76:CE:8F:33
Fingerprint MD5: A6:1B:37:5E:39:0D:9C:36:54:EE:BD:20:31:46:1F:6B

Class 3 PKI Key
Intermediate Certificate (PEM Format)
Intermediate Certificate (DER Format)
Intermediate Certificate (Text Format)
CRL
Fingerprint SHA1: AD:7C:3F:64:FC:44:39:FE:F4:E9:0B:E8:F4:7C:6C:FA:8A:AD:FD:CE
Fingerprint MD5: F7:25:12:82:4E:67:B5:D0:8D:92:B7:7C:0B:86:7A:42

GPG Key
CAcert's GPG Key

PKI finger/thumb print signed by the CAcert GPG Key

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
For most software, the fingerprint is reported as:
A6:1B:37:5E:39:0D:9C:36:54:EE:BD:20:31:46:1F:6B
 
Under MSIE the thumbprint is reported as:
135C EC36 F49C B8E9 3B1A B270 CD80 8846 76CE 8F33
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
 
iD8DBQE/VtRZ0rsNAWXQ/VgRAphfAJ9jh6TKBDexG0NTTUHvdNuf6O9RuQCdE5kD
Mch2LMZhK4h/SBIft5ROzVU=
=R/pJ
-----END PGP SIGNATURE-----
 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
pub  1024D/65D0FD58 2003-07-11 CA Cert Signing Authority (Root CA)
     Key fingerprint = A31D 4F81 EF4E BD07 B456  FA04 D2BB 0D01 65D0 FD58
sub  2048g/113ED0F2 2003-07-11 [expires: 2033-07-03]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
 
iD8DBQFCEDLN0rsNAWXQ/VgRArhhAJ9EY1TJOzsVVuy2lL98CoKL0vnJjQCfbdBk
TG1yj+lkktROGGyn0hJ5SbM=
=tXoj
-----END PGP SIGNATURE-----

An overview over all CA certificates ever issued can be found in the wiki.