Free Spirits


Main:

Languages:

SSL Certificate Authority

    Quick installation

To keep the safety which SSL certificates offer for our web boards, you have to import the new Free Spirits Root Certificate. Go to this section and follow the instructions. If you do not understand what you are doing here, read the information provided below.


    Introduction

When accessing our FS boards by using https:// in front of the internet address (e.g. https://www.boychat.org), you are using a SSL secured connection. This means that an observer outside can see THAT you are communicating with a specific server, but noone can track the content of WHAT you are doing there.

Secure Socket Layer (SSL) is an application-level protocol that enables secure transactions of data through privacy, authentication, and data integrity. It relies upon certificates. Certificates are similar to digital ID cards. They prove the identity of the server to clients. Certificates are issued by Certificate Authorities (CAs) such as VeriSign® or Thawte. Each certificate includes the name of the authority that issued it, the name of the entity to which the certificate was issued, the entity's public key, and time stamps that indicate the certificate's expiration date.

Clients must be configured to 'trust' the entity that signed this certificate. Where the server and the clients are controlled by the same people it is possible for certificates to be created 'in house', but in the general case certificates need to be signed by an organisation that clients are pre-configured to trust. In practice this involves dealing with one of the many commercial 'Certification Authorities' (CAs). Every browser has a list containing almost all root certificates of the big commercial CAs. Thus certificates issued by such a CA are considered valid.


    Free Spirits Root Certificate Authority

In the past, Free Spirits has used certificates issued by a commercial CA. Thus you never had problems when accessing Free Spirits domains. These certificates are valid for one year and - in our case - expire in September/October 2003. We got these certificates for free but as from now we would have to pay for them. Thus FSC has decided to create its own Certificate Authority to save the money which are several hundreds US$ the year for more important things like bandwidth costs and hardware.

In the following list you see our root certificate which is used to sign domain certificates. It is valid until 31/12/2020. This root cert creates an Authority like the big ones. The certificates for the single domains are issued by the Free Spirits Root CA. Each domain has its own certificate.

  • Free Spirits Root Certificate (valid till 31/12/2020)
    Fingerprint: SHA1: 36:4F:4D:1E:F1:DE:3C:E6:F3:AB:39:4B:53:08:12:9D:AA:61:77:49
                 MD5:  41:C1:54:84:DC:06:3A:03:2E:86:31:8C:9E:C4:51:6B
    • Free Spirits Server Certificate (valid till 31/12/2020)
      Fingerprint: SHA1: 1D:8D:39:C3:32:42:4C:89:EF:EC:3E:10:AB:73:42:2B:98:26:DA:1C
                   MD5:  69:83:B9:2C:99:0B:22:4B:BB:51:40:8F:61:BD:7C:1D
      • www.boychat.org  (valid till 31/12/2006)
      • www.boylinks.net (valid till 31/12/2006)
      • freespirits.org  (valid till 31/12/2006)
      • jungsforum.net   (valid till 31/12/2006)
      • legarcon.net     (valid till 31/12/2006)
      • www.pedagora.com (valid till 31/12/2006)
 Please note the fingerprints listed with the root cert. They are unique to each certificate and MUST match the fingerprints you see when you open the root certificate.

This means for you, the end user, that there is no root certificate stored in your browser that verifies the validity of our SSL certificates when you access our boards. You need to import our Free Spirits Root Certificate which then takes care for validating the single web certificates.


    Installing the Root Certificate

Now click the above link Free Spirits Root Certificate in your favourite browser.
  • With Mozilla, you can now choose what to use the certificate for. Choose "Trust this CA to identify web sites". Click "OK" to import the certificate. If already imported, you cannot import it another time.



  • With Internet Explorer, choose to open the file. A popup appears telling you details about the root certificate. Click the button "Install Certificate". At the next screen, click "Next" and then choose "Place all certificates in the following store". "Browse" to select "Trusted Root Certification Authorities".



    After accepting this and clicking "ok" you are asked to add the certificate to the Root store:



    After saying "Yes" the root certificate is successfully imported and will be used for all Free Spirits domains to verify their certificates.

  • With Opera you just have to confirm that the new certificate is to be used for "connections to sites certified by this authority". Klick OK at this screen to add the root certificate to the Root store.




    Finish

When followed these instructions you have set up your browser successfully to accept our future certificates created by Free Spirits. If you have any questions, problems or hints, contact us at ca@freespirits.org.

Thanks for your patience.