== Purpose ==
This wiki page is used to maintain a complete list of CAcert's service-related certificates with all required details for keeping them up-to-date.

Most of CAcert's services are running over HTTPS secured by a CAcert-issued certificate. 
It is important that these certificates are renewed in a timely fashion to avoid issues with services failing due to expired certificates.
In general the certificate owner is responsible for timely renewal and re-installation of the certificate, however in some cases the owner may not be available or aware of a problem. Therefore it is useful to collect the information about all of CAcert's current service-related certificates in one place, allowing other system administrators to act as a backup if necessary.

{{{#!wiki note
The new infrastructure documentation contains an automatically generated list of certificates at https://infradocs.cacert.org/certlist.html that contains all recent information. The list below references pages in the new documentation to avoid information duplication.
}}}

== Certificate List ==

Procedures and organisation administrators page is [[SystemAdministration/Procedures/CertificateIssuing]]

=== blog.cacert.org ===
|| Common Name || blog.cacert.org ||
|| Owner       || blog-admin@cacert.org ||
|| Reference   || https://infradocs.cacert.org/systems/blog.html#keys-and-x-509-certificates ||

=== board.cacert.org ===
|| Common Name || board.cacert.org ||
|| Owner       || board-admin@cacert.org ||
|| Reference   || https://infradocs.cacert.org/systems/board.html#keys-and-x-509-certificates ||

=== bugs.cacert.org ===
|| Common Name || bugs.cacert.org ||
|| Owner       || bugs-admin@cacert.org ||
|| Reference   || https://infradocs.cacert.org/systems/bugs.html#keys-and-x-509-certificates ||

=== cats.cacert.org ===
|| Common Name || cats.cacert.org ||
|| Owner       || EducationOfficer, currently BernhardFröhlich ||
|| Reference   || https://infradocs.cacert.org/systems/cats.html#keys-and-x-509-certificates ||

=== cats@cacert.org ===
|| Common Name || Must include emailAddress=cats@cacert.org, other name parts are not relevant. ||
|| Owner       || EducationOfficer, currently BernhardFröhlich ||
|| Reference   || https://infradocs.cacert.org/systems/cats.html#keys-and-x-509-certificates ||
|| Other info  || Used by the upload script to authenticate at the server, see [[https://github.com/CAcertOrg/cacert-devel/blob/release/www/cats/cats_import.php|www/cats/cats_import.php]]<<BR>>The expiry date in the filename sometimes remembers me to renew the cert,<<BR>>but if a new cert/key is installed as a new name the script cats:/home/cats/tools/do_upload has to be<<BR>>adjusted. If you prefer a fixed keyname, feel free...  ||

=== community.cacert.org ===
|| Common Name || community.cacert.org ||
|| Owner       || email-admin@cacert.org ||
|| Reference   || https://infradocs.cacert.org/systems/webmail.html#keys-and-x-509-certificates and https://infradocs.cacert.org/systems/email.html#keys-and-x-509-certificates ||
|| Other info  || The same key is used in for webmail (https) and the email system (imap/pop3/managesieve/smtps/smtp submission) ||

=== crl.cacert.org ===
|| Common Name      || crl.cacert.org ||
|| Owner            || critical-admin@cacert.org ||
|| Reference        || https://infradocs.cacert.org/critical/crl.html#keys-and-x-509-certificates ||

=== email.cacert.org ===
|| Common Name || email.cacert.org ||
|| Owner       || email-admin@cacert.org ||
|| Reference   || https://infradocs.cacert.org/systems/email.html#keys-and-x-509-certificates ||

=== funding.cacert.org ===
|| Common Name || funding.cacert.org ||
|| Owner       || web-admin@cacert.org ||
|| Reference   || https://infradocs.cacert.org/systems/web.html#keys-and-x-509-certificates ||

=== git.cacert.org ===
|| Common Name || git.cacert.org ||
|| Owner       || git-admin@cacert.org ||
|| Reference   || https://infradocs.cacert.org/systems/git.html#keys-and-x-509-certificates ||

=== infradocs.cacert.org ===
|| Common Name || infradocs.cacert.org ||
|| Owner       || web-admin@cacert.org ||
|| Reference   || https://infradocs.cacert.org/systems/web.html#keys-and-x-509-certificates ||

=== irc.cacert.org ===
|| Common Name || irc.cacert.org ||
|| Owner       || irc-admin@cacert.org ||
|| Reference   || https://infradocs.cacert.org/systems/irc.html#keys-and-x-509-certificates ||

=== issue.cacert.org ===
|| Common Name || issue.cacert.org ||
|| Owner       || issue-admin@cacert.org ||
|| Reference   || https://infradocs.cacert.org/systems/issue.html#keys-and-x-509-certificates ||

=== jenkins.cacert.org ===
|| Common Name || jenkins.cacert.org ||
|| Owner       || web-admin@cacert.org ||
|| Reference   || https://infradocs.cacert.org/systems/web.html#keys-and-x-509-certificates ||

=== lists.cacert.org ===
|| Common Name || lists.cacert.org ||
|| Owner       || email-admin@cacert.org ||
|| Reference   || https://infradocs.cacert.org/systems/lists.html#keys-and-x-509-certificates ||

=== monitor.cacert.org ===
|| Common Name      || monitor.cacert.org ||
|| Owner            || monitor-admin@cacert.org ||
|| Reference        || https://infradocs.cacert.org/systems/monitor.html#keys-and-x-509-certificates ||

=== ocsp.cacert.org ===
|| Common Name      || ocsp.cacert.org ||
|| Owner            || critical-admin@cacert.org ||
|| Reference        || https://infradocs.cacert.org/critical/ocsp.html#keys-and-x-509-certificates ||

|| Common Name      || ocsp.cacert.org class1 OCSP signing ||
|| Owner            || critical-admin@cacert.org ||
|| Reference        || https://infradocs.cacert.org/critical/ocsp.html#keys-and-x-509-certificates ||

|| Common Name      || ocsp.cacert.org class3 OCSP signing ||
|| Owner            || critical-admin@cacert.org ||
|| Reference        || https://infradocs.cacert.org/critical/ocsp.html#keys-and-x-509-certificates ||

=== svn.cacert.org ===
|| Common Name || svn.cacert.org ||
|| Owner       || svn-admin@cacert.org ||
|| Reference   || https://infradocs.cacert.org/systems/svn.html#keys-and-x-509-certificates ||

=== translations.cacert.org ===
|| Common Name || translations.cacert.org ||
|| Owner       || translations-admin@cacert.org ||
|| Reference   || https://infradocs.cacert.org/systems/translations.html#keys-and-x-509-certificates ||

=== wiki.cacert.org ===
|| Common Name      || wiki.cacert.org||
|| Owner       || wiki-admin@cacert.org ||
|| Reference   || https://infradocs.cacert.org/systems/wiki.html#keys-and-x-509-certificates ||

=== www.cacert.org ===
|| Common Name      || www.cacert.org ||
|| Owner            || critical-admin@cacert.org ||
|| Reference        || https://infradocs.cacert.org/critical/webdb.html#keys-and-x-509-certificates ||

## Use this template for new certificates and move them to the correct alphabetic position
## Information for Serial Number, Expiration date and SHA1 fingerprint should be taken from
## the output of openssl x509 -noout -text -fingerprint -in certificate.pem
##
## === hostname ===
## || Common Name      || hostname ||
## || Owner            || see [[SystemAdministration/Systems/Hostname]]||
## || Subject Altnames || none ||
## || Key kept at      || [[SystemAdministration/Systems/Hostname|hostname]]:/etc/ssl/private/hostname.key ||
## || Cert kept at     || [[SystemAdministration/Systems/Hostname|hostname]]:/etc/ssl/public/hostname.crt ||
## || Serial Number    ||  ||
## || Expiration date  ||  ||
## || SHA1 Fingerprint || `` ||

== Comments ==

----
CategorySystems