Free code signing certificates for businesses
CAcert, the community-based certification authority, now offers businesses X.509 certificates suitable for code signing. Until now, this option was only available to private users as it was not part of the corporate portion of the online administration system. According to CAcert's Philipp Gühring this functionality has now been provided following numerous requests.
CAcert is currently being audited to improve browser acceptance of the certificates. To assure the required quality level, CAcert developers have designed an online test for Assurers. According to Gühring, the free test is currently voluntary but will become mandatory for Assurers to continue awarding assurance points to other members in a few months' time.
The not-for-profit organisation is a "trusted third party" and uses a points system to award free X.509 certificates and PGP keys to private users and businesses. It currently claims more than 100,000 verified private users and more than 13,000 users with assured identities. In an interview with heise Security, Gühring said that more than 300 business assurances have been carried out so far.
CAcert's biggest problem to date has been its lack of acceptance by the browser developers, who don't include CAcert's root certificate in their standard configurations. Users and administrators still need to manually import the root certificates required for successful verification to avoid the error messages.