Nixsys Public Access UNIX System

Transport Layer Security / Secure Sockets Layer (TLS / SSL):

Overview

The TLS / SSL protocol permits users to securely connect to the Secure Web, Secure Mail, Secure IMAP, Secure POP3, and Secure WebMail resources provided by Nixsys PAUS. Once connected using TLS / SSL, users may browse all websites hosted by Nixsys PAUS and / or access e-mail using IMAP and POP3 clients and / or the Secure WebMail interface.

For a TLS / SSL connection to be guaranteed secure, users must load the root Certificate Authority (CA) certificate into the root Certificate Store of their user agents (browsers, mail clients, etc.). Only then will these applications be able to verify the integrity of connections that use certificates signed by that root CA.

Nixsys PAUS Certificate Authority

Nixsys PAUS is its own CA. This means that Nixsys PAUS issues and signs digital certificates used to verify the identity of the servers and clients connecting to the servers. To verify any certificates issued and signed by Nixsys PAUS, users must load its root CA certificate into their Certificate Store.

Necessary Files

The three files listed below are necessary for clients to perform TLS / SSL authentication.

cacert.crt

The Root CA certificate for Nixsys PAUS encoded in PEM format. Most clients will use this file.

cacert.der

The Root CA certificate for Nixsys PAUS encoded in DER format. This file is provided for Netscape browsers and other clients requiring certificates encoded in DER format.

crl.pem

The Certificate Revocation List (CRL) for the Nixsys PAUS CA. No certificates are revoked, as the only authorized certificates are those used on Nixsys PAUS. This file is necessary for some versions of Netscape and any other clients which require a CRL in addition to the root CA certificate.
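
Before loading the root certificate into a Certificate Store, it is worth confirming that cacert.crt and cacert.der hold the same certificate and that its fingerprint matches one obtained from Nixsys PAUS through a separate channel. The Python sketch below is an added example, not code published by Nixsys PAUS; the function names and the placeholder sample bytes are assumptions made for illustration, and this page does not publish a fingerprint.

```python
import base64
import hashlib
import hmac
import re

PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def to_der(data: bytes) -> bytes:
    """Return the DER bytes of the one certificate held in a PEM or DER file."""
    blocks = PEM_BLOCK.findall(data)
    if len(blocks) > 1:
        raise ValueError("expected one certificate, found %d" % len(blocks))
    der = base64.b64decode(b"".join(blocks[0].split())) if blocks else data
    if der[:1] != b"\x30":  # a certificate is an ASN.1 SEQUENCE (tag 0x30)
        raise ValueError("file does not contain a DER-encoded certificate")
    return der


def fingerprint(data: bytes) -> str:
    """SHA-256 fingerprint in the colon-separated form most clients display."""
    digest = hashlib.sha256(to_der(data)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def check_root_download(pem_file: bytes, der_file: bytes, trusted_fp: str) -> bool:
    """True only if both encodings hold the same certificate and it matches
    the fingerprint obtained out of band (assumed to come from the CA operator)."""
    want = re.sub(r"[^0-9A-Fa-f]", "", trusted_fp).upper()
    got_pem = fingerprint(pem_file).replace(":", "")
    got_der = fingerprint(der_file).replace(":", "")
    return hmac.compare_digest(got_pem, got_der) and hmac.compare_digest(got_pem, want)


# Constructed sample input: placeholder bytes shaped like DER, not a real
# certificate, wrapped the way cacert.crt (PEM) and cacert.der (DER) would be.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    fp = fingerprint(SAMPLE_DER)
    print("fingerprint:", fp)
    print("both files match trusted value:", check_root_download(SAMPLE_PEM, SAMPLE_DER, fp))
    tampered = SAMPLE_DER[:-1] + b"\x00"
    print("tampered DER accepted:", check_root_download(SAMPLE_PEM, tampered, fp))
```

With the real files, pass the contents of cacert.crt and cacert.der read in binary mode in place of the sample bytes.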

Installing the Root CA certificate for Nixsys PAUS with Microsoft Internet Explorer

  1. File Download

    After clicking on the "cacert.crt" link above, the File Download window will appear. Select "Open".

     
  2. Certificate window

    The CA certificate will download and the Certificate window shall open. Click the "Install Certificate..." button.

     
  3. Certificate Import Wizard

    The Certificate Import Wizard will start the import procedure. Click the "Next" button.

     
  4. Certificate Import Wizard Certificate Store

    Root CA certificates reside in a Certificate Store. Most users probably use automatic selection to determine where certificates will be stored. However, if a Certificate Store other than the one chosen by automatic selection is desired, specify it by selecting the second option button and entering its location in the text box. When ready, click "Next".

     
  5. Certificate Import Wizard Completion

    If no errors are received, the process completed successfully. Select the "Finish" button.

     
  6. Root Certificate Store

    The Root Certificate Store dialog box will appear. Click "Yes" to add the certificate to your Root Store.

     
  7. Certificate Import Wizard

    If no errors are received, the process completed successfully. Click "OK".

     
  8. Status bar

    Enter the address https://nixsyspaus.org into the location bar. Notice the small lock icon in the lower right-hand corner of the status bar. This shows that a secure connection has been established. Double-click this icon.

     
  9. Certificate window

    The Certificate window will reappear. Selecting the "Certification Path" tab shows the Root CA certificate of Nixsys PAUS. Branching from it will be the certificate for nixsyspaus.org. That certificate is used to view webpages, such as the WebMail interface, on nixsyspaus.org over a TLS / SSL connection. Other useful data about certificates may be viewed using this window.

     

Installing the Root CA certificate for Nixsys PAUS with Netscape Navigator

TODO

Installing the Root CA certificate for Nixsys PAUS with Mozilla, Firefox, and Galeon

All these browsers use the same procedure with extremely similar windows.

  1. Galeon dialog box

    After clicking on the "cacert.crt" link above, a dialog box will appear. Select all three options and then click "OK".

     
  2. Enter the address https://nixsyspaus.org into the location bar. Notice the small, yellow lock icon in the lower right-hand corner of the status bar. This shows that a secure connection has been established. Move the mouse over or click this icon to view information about the connection.

    [Images: Mozilla status bar, Firefox status bar, Galeon status bar]

Requesting a Certificate

Many commercial and some free CAs exist on the Internet. Nixsys PAUS provides certificates to users hosting TLS / SSL-based services. To request a certificate, send an e-mail to the Security Team, security -AT- nixsyspaus -DOT- org, with the following information:

  Country Name: 2 letter code
  State or Province Name: full name
  Locality Name: e.g. city
  Organization Name: e.g. company
  Organizational Unit Name: e.g. section
  Common Name: Your host's name (e.g. asche.nixsyspaus.org). Sixty-four (64) characters maximum.
  E-mail Address: Forty (40) characters maximum.

Reading and understanding all information provided on this page is essential for the public to validate certificates signed by the Nixsys PAUS CA.
