2.2 KiB
| title | layout |
|---|---|
| Installing the CA Certifiacte | base.njk |
{{title}}
When you visit mybank.com over HTTPS, your connection is encrypted and reliable. Encryption means the data is scrambled so it can't be "wiretapped". Reliability means you can trust that the data was sent from the real mybank.com.
.comis the Top Level Domain (TLD). The TLD could be.orgor whatever.- Each TLD has its own Certificate Authority (CA). The CA for
.comis Verisign, Inc. - Your browser has a store of CA certificates, one for each CA/TLD. (Your operating system also keeps a store of CA certs).
- When you visit
mybank.comfor the first time, they send you a server certificate. - Your browser uses the Verisign CA certificate in its storage to ensure that the server certificate recieved from
mybank.comwas signed by Verisign.
If the data sent by mybank.com was signed by Verisign, we know we're talking to the real mybank.com. (It's the responsibility of the CA to make sure they're signing certificates for the real mybank and not an imposter.) Because our connection is reliable, our browser shows us a lock symbol.
This reliability is part of Transport Layer Security (TLS). This example used HTTPS, a web protocol. But TLS is also used in mumble, email, matrix, irc, etc.
Respec GF4's authoritah
GF4 uses the unofficial .gf4 TLD. Neither your OS nor browser have a CA certificate for this TLD: you have to import it. If possible, import it into both OS and browser. On mobile devices it's only availale at the OS level, at least that's how it is on android.
For all of these instructions, you'll need to download the certificate from https://www.gf4.pw/ca.crt.
TODO: Split these into seperate pages
Linux
Debian/Ubuntu
curl -s https://www.gf4.pw/ca.crt \
| sudo tee /usr/local/share/ca-certificates/gf4.crt \
| sudo tee /etc/ssl/certs/gf4.pem
sudo chmod 644 /usr/local/share/ca-certificates/gf4.crt /etc/ssl/certs/gf4.pem
Import the certificates into your browser too.
Android
TODO
Mac
Help wanted
iPhone
Help wanted
Windows
Help wanted
< Back