Using the Swampside SSL Certificate

About SSL Certificates

You know them; you either love them or you hate them. Certificates contain the crypto information necessary to establish SSL connections with websites, in addition to identifying the server. Since anyone can generate their own certificate, how do you trust that the certificate's identification isn't forged?

Part of the overall security is the assumption that whoever signs these certificates is trustworthy. Microsoft's Internet Explorer (I.E.) and Netscape Navigator come with a list of Certificate Authorities who've put their public reputation on the line. So, other than letting you know you're about to enter a secure site, the web browser is pretty happy when certificates are signed by these folks.

However, public certificate authorities tend to charge for their services. Hobbyists on Linux machines like to generate their own certificates, and know 'the' certificate authorities are using the same tools they are. So, if all you're interested in is the secure connection and you have a trusting relationship already established, why not make your own? It doesn't cost anything and does the job 99.999% of the time.

Since I.E. doesn't know about the hobbyist issuing authority right off the bat, it is hesitant to allow an SSL connection. It sprouts warnings, and will do so even if you've accepted that certificate in the past. A bit paranoid (who would think Microsoft could be paranoid about security?), but fair enough, since there are two easy solutions:

You may either:

Accept Us(?)!

Warning: If you detect any signs of tampering, or just don't trust Swampside.ORG, don't do this! We make a good-faith effort to be secure and trustworthy, but Swampside.ORG accepts no culpability if you perform this action.

Our certificate should match the following MD5 and SHA1 fingerprints/thumbprints:
MD5 Fingerprint=AD:A7:5C:CA:1C:0B:1D:BE:F6:6B:1B:53:92:D4:74:16
SHA1 Fingerprint=80:94:88:20:EB:67:62:07:78:2F:F5:32:54:54:B0:56:D8:84:3D:9E

Microsoft's Internet Explorer

In I.E.(6.0):

  1. Follow this link, http://www.swampside.org/ca.crt.
  2. When the File Download dialog box appears, click Open.
    A dialog box window will appear to allow you to install this certificate.
  3. In the Certificate dialog box, click Install Certificate...
    The Certificate Manager Import Wizard dialog box will appear.
  4. Click Next.
    The dialog will advance one screen.
  5. Under Select a Certificate Store, select Automatically select the certificate store based on type of certificate.
  6. Click Next.
    The dialog will advance one screen.
  7. Click Finish.
    A new dialog will open, asking Do you want to ADD the following certificate to the Root Store?
  8. Compare the MD5 and SHA1 values to those shown below:
    MD5 Fingerprint=AD:A7:5C:CA:1C:0B:1D:BE:F6:6B:1B:53:92:D4:74:16
    SHA1 Fingerprint=80:94:88:20:EB:67:62:07:78:2F:F5:32:54:54:B0:56:D8:84:3D:9E

    If they don't match, contact me immediately. I either changed the certificate and will be happy to tell you so, or something's rotten in Denmark and you should proceed no further.
  9. Click Yes.
    At this point, click a few more Yes and OK buttons to finish the procedure and close down the dialog. I.E. now accepts Swampside.ORG as a valid Certification Authority, and should accept any further certificates from this site without hesitation.
  10. Try it out by going to https://www.swampside.org/.

Netscape Navigator

For Netscape Navigator, it shouldn't be necessary to accept the certificate more than once. If you want to accept Swampside.ORG as a valid certificate authority anyway:

In Navigator (6.2):

  1. Follow this link, http://www.swampside.org/ca.crt.
    The Download Certificate dialog box appears.
  2. Under Do you want to trust "Swampside" for the following purposes? select Trust this CA to identify web sites and Trust this CA to identify email users.
  3. Click OK.

admin@swampside.org


Swampside.ORG