Deletion candidate

This page is is either off topic, has a low overall quality, or is simply outdated and will be deleted soon. If you still need this page, please contact the WikiCaretakers and explain what this page is for. Please do not remove this notice from the page.

Reason: it is not clear which FSFE systems this info pertains to - the wiki itself nowadays has a StartCom certificate...

My browser tells me that the website is certified by an Unknown Authority and advices me to notify the webmaster. What should I do?

Except for the Fellowship join process which uses a certificate from GoDaddy FSFE secure websites use SSL certificates issued by CAcert, a community-run Certification Authority. (Except for the Fellowship join procedure, where we use a certificate which does not need the installation of the CAcert certificate.)

When you connect to a secure site (such as the Fellowship join page, or other Fellowship services), your browser checks the validity of the SSL certificate provided by the website; in order to do so, you must have the CAcert root certificate installed on your browser/system.

Unfortunately not all browsers or operating systems have the root certificate for CAcert installed by default.

Most GNU/Linux distributions include the CAcert root certificate; for Debian, you just have to install the ca-certificates package.

You can check the status of inclusion of CAcert root certificates in applications and operating systems at

In general, you can import the CAcert root certificate into your browser visiting this page:

Also the GNU Savannah project uses CAcert certificates for secure connection to its web site: they have a nice tutorial explaining how to import the root certificate on your browser.

I have installed the root certificate of CACert, but I still get a warning saying "Domain name mismatch" when connecting to some Fellowship services (,

The problem arise because there is no clear standard on how to deal with multiple domain certificates. Different browsers have different reactions to certificates with multiple domains.

It is perfectly safe to accept the connection: have a look at the certificate, and you'll see the right domain names in the Subject Alt Name field of the certificate.

To read more about this topic go to CACert's wiki.

Get CAcert certificates working with Chromium


sudo apt-get install libnss3-tools
certutil -d sql:$HOME/.pki/nssdb -A -t "TCu,Cu,Tuw" -n "CACert Class 1 Root Certificate" -i root.crt
certutil -d sql:$HOME/.pki/nssdb -A -t "TCu,Cu,Tuw" -n "CACert Class 3 Root Certificate" -i class3.crt
rm root.crt class3.crt

Category/FAQ Category/DeletionCandidate

TechDocs/Authentication_FAQ (last edited 2017-04-01 14:38:56 by sabet)