Metasofa Media Co-op
Metasofa Certificate Authority
About secure website access and Metasofa security certificates

If you're signing in to the Metasofa Timebank or your web intercom, or want to send us a message securely, or view Metasofa webpages with https instead of http, you might get a scary warning from your browser ("unsafe website", "untrusted / self-signed certificate", "can't verify identity" etc)

No need to panic!  It's normal and good for your browser to give these warnings, but in this case don't worry, just tell your browser to keep going forward... (click OK, Continue, Unsafe, Advanced, etc)

This will temporarily encrypt your session to prevent internet eavesdropping and info / password theft, but you will need to pay attention each time you connect, and be sure it's the genuine website.

For easier and better security, you can install the Metasofa Root CA certificate so your web browser can positively identify Metasofa secure sites & encryption keys every time you connect.

How to download and install the Metasofa Root CA certificate

Important note - of course always use caution whenever installing or updating any software or security certificates, and trust only known sources.  For general information on web security, certificates, and public key infrastructure, please see the info links below.  For a technical overview and current listing of all Metasofa certificates, see certificates below.

1.  If you're not already on the secure version of this webpage, please go there, temporarily bypassing security warnings if necessary as described above.  If you're not sure this is the real secure.metasofa.org, please contact us directly.

2.  Click any of these 4 file-names to download and install the Metasofa Root CA certificate into your web browser or system.  All of these files contain the same certificate, but some file formats may install easier than others depending on your browser or system.  (try .crt first)

      metasofa-2014-root.crt  or  metasofa-2014-root.pem  (2k text)  or
      metasofa-2014-root.cer  or  metasofa-2014-root.der  (1.5k binary)

3-a.  If your browser offers to install the certificate directly (eg, Firefox, iPhone, iPad), check appropriate options if any, and click Install or OK to approve installation of the certificate.

3-b.  If your browser only downloads the file and doesn't offer to install it (eg, Chrome, Safari, IE, or others), find the file in your Downloads folder and double-click to open it with the your system's certificate manager.  You'll need to approve installation of the certificate.

The Metasofa Root CA certificate should be trusted for x509 and/or Certificate Signing, depending on your browser.  If you set your trust preferences to "Always Ask", you'll know whenever your browser is referring to the certificate.

If you get an error message or the certificate doesn't install, try again with a different file format above, or consult the help manual for your browser on "How to install / remove a Root Certificate or Certificate Authority".

The Metasofa Root CA and Server certificates

There is one Metasofa Root CA certificate.  This is used to sign and validate Metasofa Server certificates for various projects of the Metasofa Media Co-op.  (see above for how to install the Metasofa Root CA certificate)

    Metasofa Root CA - metasofa-2014-root.crt  or .pem, .cer, .der  (valid 2014-2033)

    Metasofa Server ( *.metasofa.org ) - metasofa-2018-server.crt  (valid 2018-2020)

This is a complete and current list of all valid Metasofa certificates.  Other / older Metasofa certificates are obsolete and should be deleted.  Please feel free to contact us directly if you're not sure of the validity of these certificates or this webpage.

updated 2018 Sep 30  
Details for Metasofa Root CA

X.509 Certificate "metasofa-2014-root"
Version: 3 (0x2)

Serial Number:
  6d:65:74:61:73:6f:66:61:2d:32:30:31:34:30:30:30
Validity:
  Not Before: Dec 21 23:03:17 2014 GMT
   Not After: Dec 21 23:03:17 2033 GMT

Issuer:
  O=Metasofa Media Co-op, OU=metasofa.org, CN=Metasofa Root CA
Subject:
  O=Metasofa Media Co-op, OU=metasofa.org, CN=Metasofa Root CA

Subject Public Key:
  Public Key Algorithm: rsaEncryption
  RSA Public Key: (2048 bits / 256 bytes)
    00:c3:d7:1f:32:1a:f5:e3:7f:51:7e:c2:cb:f8:75:db:...
  Exponent: 65537 (0x10001)

Basic Constraints: critical, CA:true, pathlen:1
Key Usage: critical,
  Digital Signature, Certificate Sign, CRL Sign

Authority Information Access:
          CA Issuers - http://metasofa.org/cert
Netscape CA Policy Url: http://metasofa.org/cert
Netscape Comment:
       all cert info - http://metasofa.org/cert
            - https://secure.metasofa.org/cert

Subject Key Identifier:
  84:E0:AC:C0:09:AC:24:6E:48:2E:0C:75:E6:7A:64:70:E1:B5:71:70
Authority Key Identifier:
  84:E0:AC:C0:09:AC:24:6E:48:2E:0C:75:E6:7A:64:70:E1:B5:71:70

Signature Algorithm: sha256WithRSAEncryption
Signature: (2048 bits / 256 bytes)
  7b:2a:25:f1:c6:3d:33:56:df:ae:dd:e8:3a:53:38:ad:...

Information on web security, certificates, and public key infrastructure

    HTTPS secure web protocol (wikipedia)

    Self-signed certificate and Certificate authority (wikipedia)

    Digital certificates and Public Key Infrastructure (wikipedia)

    X.509 (wikipedia) and RFC 5280 & 6818 (ietf standards track)

    OpenSSL.org - open source software libraries & utilities

    Let's Encrypt - free, automated, open certificate authority

Metasofa Certificate Authority
Metasofa Media Co-op
also see - metasofa - timebank - contact