Hello there,
I installed OpenSuse 6 months ago, I think, and just recently I get this message after the OS is initiated:
Do you ultimately trust
“CN=CA Cert Signing Authority
OU=http:\x2f\x2fwww.cacert.org
O=Root CA
EMail=support@cacert.org”
to correctly certify user certificates?
What should I answer?
Thanks in advance
juvenal
That’s for you to decide. That’s why you were asked.
You must have installed the “ca-certificates-cacert” package. That’s not part of a standard install, at least in my experience. However, I do install that here.
I don’t recall being asked to answer that question, though I would have responded “yes”. But perhaps I answered that long ago and it is in my configuration settings. That looks like a “gpg” message, so your answer would be reflected in gpg trust settings.
Thank you for your quick response. I answered “yes” and then it asks mePlease verify that the certificate identified as:
“CN=CA Cert Signing Authority
OU=http:\x2f\x2fwww.cacert.org
O=Root CA
EMail=support@cacert.org”
has the fingerprint:
13:5C:…
How do I verify that?
juvenal
I’m quite sure that I have never seen that question. I’m wondering what you did to be asked that. I’m wondering why any software would ask that, since it should be able to find the fingerprint without asking you.
CA root authorities are especially critical to security because as a <root> authority you are also trusting any intermediate authorities that might be created.
I <highly> recommend you investigate and determine what apps or systems require this type of trust before you authorize trust.
If it’s asking only for the root authority’s trust, then I recommend first inspecting the root authority’s certificate and verify it’s valid and not an imposter. Then, if valid I’d Google the CA to see if there’s anything on the web about it… Whether it’s experiencing any kind of problems or might have been hacked, maybe any apps or use specific to the CA.
Only after diligent evaluation would I <then> consider installing a root CA.
TSU