Metasofa Media Co-op

Metasofa Certificate Authority

About secure website access and Metasofa security certificates

If you're signing in to the Metasofa Timebank or your web intercom, or if you want to send us a message securely, or view Metasofa webpages with https instead of http, you might get a scary warning from your browser ("not private", "unsafe website", "untrusted / self-signed certificate", "invalid authority", "unknown issuer", "can't verify identity", etc)

No need to panic!  It's normal and good for your browser to give these warnings, but in this case don't worry, just tell your browser to keep going forward... (click OK, Continue, Unsafe, Advanced, Show, View, etc)

This will temporarily encrypt the session to prevent internet eavesdropping and password theft, but you'll need to pay attention each time you connect to be sure it's the genuine website.

For better ongoing security, you can install the Metasofa Root CA certificate so your web browser can automatically verify Metasofa secure sites & encryption keys with every connection.

How to download and install the Metasofa Root CA certificate

Important note - of course always use caution whenever installing or updating any software or security certificates, and trust only known sources.  For general information on web security, certificates, and public key infrastructure, please see the info links below.  For a technical overview and current listing of all Metasofa certificates, see certificates below.

1.  If you're not already on the secure version of this webpage, please go there, temporarily bypassing security warnings if necessary as described above.  If you're not sure this is the real secure.metasofa.org, please contact us directly.

2.  Click any of these 4 file-names to download the Metasofa Root CA certificate into your web browser or system.  All of these files contain the same certificate, but some file formats may install easier than others depending on your browser or system.  (try .crt first)

      metasofa-2014-root.crt  or  metasofa-2014-root.pem  (2k text)  or
      metasofa-2014-root.cer  or  metasofa-2014-root.der  (1.5k binary)

3-a.  If your browser offers to install the certificate directly (eg, Firefox, iPhone, iPad), check appropriate options if any, and click Install or Trust or OK to approve installation of the certificate.

3-b.  If your browser only downloads the file and doesn't offer to install it (eg, Chrome, Safari, IE, or others), find the file in your Downloads folder and double-click to open it with the your system's certificate manager.  You'll need to approve installation of the certificate.

The Metasofa Root CA certificate should be trusted for x509 and/or Certificate Signing, depending on your browser.  If you set your trust preferences to "Always Ask", you'll know whenever your browser is referring to the certificate.

Installation should take only a few seconds.  If you get an error message or the certificate doesn't install, try again with a different file format above, or consult the help manual for your browser or system on "How to install / remove a Root Certificate or Certificate Authority".

The Metasofa Root CA and Server certificates

There is one Metasofa Root CA certificate.  This is used to sign and validate Metasofa Server certificates for various projects of the Metasofa Media Co-op.  (see above for how to install the Metasofa Root CA certificate)

    Metasofa Root CA - metasofa-2014-root.crt  or .pem, .cer, .der  (valid 2014-2033)

    Metasofa Server ( *.metasofa.org ) - metasofa-2018-server.crt  (valid 2018-2020)

    Metasofa Server ( *.metasofa.org ) - metasofa-2020-server.crt  (valid 2020-2022)

This is a complete and current list of all valid Metasofa certificates.  Other / older Metasofa certificates are obsolete and should be deleted.  Please feel free to contact us directly if you're not sure of the validity of these certificates or this webpage.

updated 2020 June 7  

Details for Metasofa Root CA

X.509 Certificate "metasofa-2014-root" Version: 3 (0x2) Serial Number: 6d:65:74:61:73:6f:66:61:2d:32:30:31:34:30:30:30 Validity: Not Before: Dec 21 23:03:17 2014 GMT Not After: Dec 21 23:03:17 2033 GMT Issuer: O=Metasofa Media Co-op, OU=metasofa.org, CN=Metasofa Root CA Subject: O=Metasofa Media Co-op, OU=metasofa.org, CN=Metasofa Root CA Subject Public Key: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bits / 256 bytes) 00:c3:d7:1f:32:1a:f5:e3:7f:51:7e:c2:cb:f8:75:db:... Exponent: 65537 (0x10001) Basic Constraints: critical, CA:true, pathlen:1 Key Usage: critical, Digital Signature, Certificate Sign, CRL Sign Authority Information Access: CA Issuers - http://metasofa.org/cert Netscape CA Policy Url: http://metasofa.org/cert Netscape Comment: all cert info - http://metasofa.org/cert - https://secure.metasofa.org/cert Subject Key Identifier: 84:E0:AC:C0:09:AC:24:6E:48:2E:0C:75:E6:7A:64:70:E1:B5:71:70 Authority Key Identifier: 84:E0:AC:C0:09:AC:24:6E:48:2E:0C:75:E6:7A:64:70:E1:B5:71:70 Signature Algorithm: sha256WithRSAEncryption Signature: (2048 bits / 256 bytes) 7b:2a:25:f1:c6:3d:33:56:df:ae:dd:e8:3a:53:38:ad:...

Information on web security, certificates, and public key infrastructure

    HTTPS secure web protocol (wikipedia)

    Self-signed certificate and Certificate authority (wikipedia)

    Digital certificates and Public Key Infrastructure (wikipedia)

    X.509 (wikipedia) and RFC 5280 & 6818 (ietf standards track)

    OpenSSL.org - open source software libraries & utilities

    Let's Encrypt - free, automated, open certificate authority

Metasofa Certificate Authority

Metasofa Media Co-op

also see - metasofa - timebank - contact