<a href='<?=$serial?>.crt'><?=_PEM encoded Certificate?></a>
<? foreach($trustchain) { ?>
<?=_issued by?> <a href='<?=$link?>'><?=$name?></a>
- <? } ?><br/>
+ <? } ?>*<br/>
<a href='<?=$serial?>.crt?chain'><?=_PEM encoded Certificate Chain?></a><br/>
<a href='<?=$serial?>.crt?chain&noAnchor'><?=_PEM encoded Certificate Chain (Excluding Anchor)?></a><br/>
<a href='<?=$serial?>.crt?chain&noLeaf'><?=_PEM encoded Certificate Chain (Excluding Leaf)?></a><br/>
<a href='<?=$serial?>.cer'><?=_DER encoded Certificate?></a><br/>
<a href='<?=$serial?>.cer?install&chain'><?=_Install into browser.?></a><br/>
- <a href='<?=$serial?>.cer?install'><?=_Install into browser. (Chrome)?></a>. <?=_Please ensure that the intermediate certificates listed above are installed prior to installing the certificate.?><br/>
+ <a href='<?=$serial?>.cer?install'><?=_Install into browser (Chrome)?></a>. <?=_Please ensure that the intermediate certificates listed above are installed prior to installing the certificate.?>*<br/><br/>
+ * <?=_For information on how to install the root certificates into the truststore of your browser take a look at the !'<a href="https://wiki.cacert.org/FAQ/CSR">'FAQ!'</a>'!?>
+
</td>
</tr>
<? } ?>
-<h3><?=_CAcert Certificate Acceptable Use Policy?></h3>
-<p><?=_I hereby represent that I am fully authorized by the owner of the information contained in the CSR sent to SomeCA Inc. to apply for an Digital Certificate for secure and authenticated electronic transactions. I understand that a digital certificate serves to identify the Subscriber for the purposes of electronic communication and that the management of the private keys associated with such certificates is the responsibility of the subscriber's technical staff and/or contractors.?></p>
+<h3><?=_SomeCA Acceptable Use Policy?></h3>
+<p><?=_I hereby represent that I am fully authorized by the owner of the information contained in the CSR sent to SomeCA to apply for an Digital Certificate for secure and authenticated electronic transactions. I understand that a digital certificate serves to identify the Subscriber for the purposes of electronic communication and that the management of the private keys associated with such certificates is the responsibility of the subscriber's technical staff and/or contractors.?></p>
<p><?=_CAcert Inc.'s public certification services are governed by a CPS as amended from time to time which is incorporated into this Agreement by reference. The Subscriber will use the SSL Server Certificate in accordance with SomeCA Inc.'s CPS and supporting documentation published at?> <a href="http://www.cacert.org/cps.php">http://www.cacert.org/cps.php</a></p>
<tbody>
<tr>
<td>
- <label for='profile'><?=_Key type?></label>
+ <label for='profile'><?=_Key type?></label>
</td>
<td>
- <select name="profile" id='profile'>
+ <select name="profile" id='profile'>
<? foreach($profiles) { ?>
- <option value="<?=$key?>"<?=$!selected?>><?=$name?></option>
+ <option value="<?=$key?>"<?=$!selected?>><?=$name?></option>
<? } ?>
- </select>
+ </select>
+ <br />
+ <?=_Select desired type. To have your name added to a certificate you need to get your name verified with at least 50 !'<a href="/wot/rules" target="blank">'Verification Points (VP)!'</a>'.?>
</td>
</tr>
<tr>
<td>
- <label for='CN'><?=_Your name?></label>
+ <label for='CN'><?=_Your name?></label>
+ </td>
+ <td>
+ <input class="form-control" type='text' id='CN' name='CN' value='<?=$CN?>'/>
+ <?=_For a client certificate you need to enter a name with at least 50 VP or 'SomeCA user' will be used.?><br />
+ <?=_For a server certificate leave this field blank.?>
</td>
- <td><input class="form-control" type='text' id='CN' name='CN' value='<?=$CN?>'/></td>
</tr>
<tr>
- <td>SANs</td>
- <td align="left"><textarea class="form-control" rows='5' name='SANs' placeholder="dns:my.domain.example.com, dns:*.example.com, email:my.email@example.com (or newline separated)"><?=$emails?></textarea></td>
+ <td>
+ <label for='SANs'>SANs</label>
+ </td>
+ <td align="left">
+ <textarea class="form-control" rows='5' name='SANs' placeholder="dns:my.domain.example.com, dns:*.example.com, email:my.email@example.com (or newline separated)"><?=$emails?></textarea><br />
+ <?=_Syntax for SAN?>: dns:my.domain.example.com, dns:*.example.com, email:my.email@example.com <?=_(or newline separated)?><br />
+ <?=_Recommendation for inexperienced users: only use one email address for client certificates.?>
+ </td>
</tr>
<? if($orga) { ?>
<tr>
<input type="checkbox" id="login" name="login" value="1" checked="checked" />
</td>
<td align="left">
- <label for="login"><?=_Enable certificate login with this certificate?><br />
- <?=_By allowing certificate login, this certificate can be used to log into this account at !'<code>https://secure.cacert.org/</code>'.?></label>
+ <label for="login"><?=_Enable certificate login with this certificate?></label><br />
+ <span><?=_By allowing certificate login, this certificate can be used to log into this account at !'<code>https://secure.cacert.org/</code>'.?><br />
+ <?=_Recommendation: Have at least one client certificate for login enabled.?></span>
</td>
</tr>
<tr>
</tr>
<tr>
- <td colspan="2"><input class="btn btn-primary" type="submit" name="process" value="<?=_Issue Certificate?>" /></td>
+ <td colspan="2">
+ <input class="btn btn-primary" type="submit" name="process" value="<?=_Issue Certificate?>" />
+ <?=_Once the request is submitted, please be patient until the certificate is signed.?>
+ </td>
</tr>
</tbody>
</table>
+<p><?=_SomeCA offers two ways to create a certificate.?>
+<?=_One is to paste a certificate signing request (CSR) created from an existing or newly created private key.?> <?=_ If you do not know what a CSR is or how to create one take a look at the !'<a href="https://someca.de/FAQ/CSR">'FAQ'!</a>'.?>
+<?=_As an alternative you can generate the private key inside your browser and export it once the certificate has been issued.?></p>
<form method="post">
<table class="table">
<thead>
</thead>
<tbody>
<tr>
- <td><?=_I have a CSR! Paste it here:?><br/><?=_Don't know what a CSR is or how to create one? Take a look at the !'<a href="https://wiki.cacert.org/FAQ/CSR">'Wiki!'</a>'!?></td>
+ <td><?=_I have some existing public key (SPKI) or signing request (CSR) I want to sign. Paste it here:?></td>
<td>
- <textarea class="form-control" name="CSR" class="csr"></textarea>
+ <textarea class="form-control" name="CSR" class="csr" rows="10" cols="80"></textarea>
</td>
</tr>
<tr>
</tbody>
</table>
</form>
-<br>
<form method="post">
<table class="table">
<thead>
<tr>
- <th colspan="2" class="title"><?=_New Certificate from newly generatey Key (SPKAC)?></th>
+ <th colspan="2" class="title"><?=_Create a fresh key in the browser (SPKAC)?></th>
</tr>
</thead>
<tbody>
<tr>
<td><?=_I do not have a CSR.?></td>
<td align="left">
- <keygen name="SPKAC" challenge="<?=$spkacChallenge?>"/>
+ <?=_key size (2048 recommended)?>: <keygen name="SPKAC" challenge="<?=$spkacChallenge?>"/>
</td>
</tr>
<tr>
projects / gigi.git / commitdiff