English | Italiano
Browser Inclusion Status
Status
Traditionally vendors seeking to have their root certificates included in browsers (directly or via the underlying OS infrastructure like Safari via OS X's Keychain) would have to seek an expensive Webtrust audit (~$75,000 up-front plus ~$10,000 per year). While achievable for commercial CAs who typically charge per certificate year, this is typically out of the reach of non-profit organisations like CAcert.
CAcert's primary focus and largest challenge at present is to meet the fair but firm policy of Mozilla with a view to inclusion in their products, including the popular Firefox browser (see Mozilla bug 215243). To that end an Audit is underway (you can refer to the AuditToDo list for progress and our Certificate Policy Statement is being refined at CPS (many thanks to Christian Barmala's work on this topic and for everyone who has contributed to the shaping of these policies).
If you are unsatisfied with the rate of progress that is done you are welcome to HelpingCAcert the various teams by contributing your time for support, arbitration or software assessment.
Please keep in mind, that there are also Browser_Exclusions for other CA in recent time.
Software
OS
Status |
Category |
Name |
Version |
Issue(s) |
Owner |
Comments |
Included |
OS |
|
|
|
||
Included |
OS |
2006.1 |
|
|
|
|
Contain |
OS |
|
|
not included in ca-certificates since march 2014, but available as package ca-cacert |
||
Included |
OS |
|
|
|
Privatix is based on Debian GNU/Linux. |
|
Included |
OS |
|
|
|
||
Included |
OS |
|
|
|
||
Included |
OS |
6.1 |
|
|
screenshot [dead link] |
|
Included |
OS |
2007.1/2008.1/2009.1/2010.0/cooker |
|
|
||
Included |
OS |
|
|
|
http://grml.org/screeni/cacert.png [dead link] |
|
Included |
OS |
|
|
|
||
Included |
OS |
|
|
|
Seems to be included again since end of 2014: https://www.archlinux.org/packages/core/any/ca-certificates-cacert/ |
|
Removed |
OS |
|
|
|
Was included until 5.6, when it was removed with a comment citing conflict with CAcert's redistribution license: "Notably this removes CAcert who it turns out have strict requirements on redistribution (http://www.cacert.org/policy/RootDistributionLicense.php) which we don't meet." |
|
Included |
Server |
|
|
|
XMPP chat server software includes class 1 & class 3 roots |
|
Disabled |
OS |
3, 4 |
|
|
||
Disabled |
OS |
6.10 |
|
BoF discussion Import from cacert.org.crt |
||
Stalled |
OS |
|
|
Dependent on Mozilla inclusion per comment 2 |
||
Stalled |
OS |
|
|
The old ca-roots port (which included the CAcert certificate) was removed with the comment "Not supported by FreeBSD Security Officer anymore". The current certificate package (ca_root_nss) is a copy of the Mozilla certificate package and FreeBSD is therefore dependent on Mozilla inclusion |
||
Requested |
OS |
|
|
|||
Unknown |
OS |
|
|
|
|
|
Unknown |
OS |
- |
|
Review Request for the integration in Fedora is open |
||
Contain |
OS |
|
|
|
openSUSE package ca-certificates-cacert contains CAcert root certificates. The user may install it; it is not automatically installed during installation procedure. ref. |
|
Unknown |
OS |
|
|
|
|
Order: Status, Name
Browser, etc.
Status |
Category |
Name |
Version |
Issue(s) |
Owner |
Comments |
Included |
Browser |
XeroBank [dead link] |
2.0.0.2a |
|
|
Previously Torpark |
Included |
Device |
|
|
|
||
Included |
Package |
|
net/curl |
|
Depends on CA bundle of MirOS BSD |
|
Included |
Package |
2.0.0.14-1 |
www/firesomething |
|
(Firef*x) patched with MirOS BSD certificate bundle |
|
Included |
Server |
|
|
|
XMPP chat server software includes class 1 & class 3 roots |
|
Stalled |
Browser |
|
|
Includes Firefox, Thunderbird, etc. Awaiting audit to meet policy, we still have some work to do |
||
Requested |
Browser |
|
Moonchild Productions |
|
||
Requested |
Browser |
|
Apple |
Based on WebKit & uses OS X Keychain. Users can provide feedback via Safari->Report Bugs to Apple... |
||
|
Browser |
|
|
Alexander Clauss |
Macintosh only |
|
|
Browser |
|
|
KDE Project |
|
|
|
Browser |
|
|
Opera Software |
|
|
|
Browser |
|
|
Vivaldi Technologies |
|
|
|
Browser |
|
|
SRWare |
Chrome ohne Spionagefunktionen (Android, Linux, Macintosh, Windows) |
|
|
Browser |
|
|
UC Web / Alibaba Group |
Mobile phones, ... |
Order: Status, Name (more browsers: https://www.browser-statistik.de/browser/ )
Organisations
The following organisations (in alphabetical order) deploy CAcert roots to their end user workstations:
Country |
Town/State |
Organisation |
Comments |
Austria |
Vienna |
htl donaustadt |
Class 1 & 3 root certificates deployed to servers and workstations for students, teachers & administration |
Germany |
Bad Schussenried |
Class 1 & 3 root certificates deployed to servers and workstations for employees and customers |
|
Germany |
München |
Class 1 & 3 root certificates deployed to servers and workstations for employees and customers |
|
Switzerland |
Zurich |
Class 1 & 3 root certificates deployed to servers, terminal servers and workstations for students, lecturers & administration |
Order: Country, Town, Organisation
Here you will find a list of assured Organisations For advanced electronic signatures see here.
History
The past of browser inclusion from 2002 to 2008: http://iang.org/papers/open_audit_lisa.html