Certification Practise Statement (CPS)
This is a experimental CA for demonstration and educational purposes only. There is no warranty that this software and generated certificates work. Generated certificates do not imply any ownership verifications and have no other link to the author except through the public access to the auto- generation with this software. Requests are signed in an automated fashion. Future certificate retrieval or site availability is uncertain.
I'm not responsible for misuse or missrepresentation. This is NOT a classified CA.
Currently, the software does not manage a signed certificate database. A CRL is generated, but may run out-of-date. A copy of the certificate is saved on this server.
last update 06/04/2021 @2003-2024 fm4dd
Digital Certificates are needed everywhere in today's world. They are used to enable SSL-protected web traffic, e-mail encryption and other technologies.
To get a digital certificate, you'll either have to order one from a commercial provider such as Verisign who usually charges $$$, or you have to install, configure and run your own certificate authority. This costs also $$ and, at the very least is something more you need to learn and manage, which is time and resource consuming. Often we don't need the extensive functionality and complexity of a full CA management system with its distributed structure, separation of requestor and signer and the database structures to manage it all.
For these reasons I wrote WebCert as a lightweight self-service application. It allows me to quickly generate certificates on my own, and to enable my colleagues without knowledge of the details to do so as well. The first version became an instant hit with over 300 certificate generations per year. It encouraged me to improve it to the version you see here.
WebCert is using the OpenSSL libraries for certificate operations. It is not just a frontend to the OpenSSL program, but independently written. It only requires standard C libraries, the OpenSSL libraries and the CGIC library from Thomas Boutell. No, you don't need to maintain any of the web-application enabling technologies like JSP, PHP, Phyton... and no database is required, either. WebCert is using simple CGI technology for easiest installation and maintenance.
- Thomas Boutell's CGIC library, see http://www.boutell.com/cgic/
- OpenSSL libary and headers, see http://www.openssl.org/
It is highly adviseable to provide access control and SSL encryption to the WebCert interface for any use other then experimental. The webserver writeable certificate and export directory should be secured (i.e. by a Apache <Directory> directive).
Copyright and License
WebCert was written by Frank4DD. It is distributed under the MIT license.
Of course this software and its created certificates come WITHOUT ANY WARRANTY.
Thanks and Credits
- to Thomas Boutell for providing the CGIC library
- to the authors of O'Reilly's book "Network Security with OpenSSL", who provided a guiding "light" in the OpenSSL jungle.
- to the OpenSSL team for building such a fundamental library
CGIC, copyright 1996, 1997, 1998, 1999, 2000, 2001, 2002 by Thomas Boutell and Boutell.Com, Inc.. Permission is granted to use CGIC in any application, commercial or noncommercial, at no cost. HOWEVER, this copyright paragraph must appear on a "credits" page accessible in the public online and offline documentation of the program. Modified versions of the CGIC library should not be distributed without the attachment of a clear statement regarding the author of the modifications, and this notice may in no case be removed. Modifications may also be submitted to the author for inclusion in the main CGIC distribution.
Contact and Appreciation
Please send your comments to support[at]frank4dd.com. Please be patient with me for a response.
If you want to do something really nice and encouraging besides just saying "Thanks", send me a photo or picture of the area you are living in: either your town, your work, local sights or of your neighborhood. I would enjoy it very much. Cheers.