From this page you can download the certificate of our CA, to install it on your computer so that you can trust the SSL connections towards our services.
You can check the certificate installation guide.
Autistici/Inventati Certification Authority
- Fingerprint MD5: DD:8F:19:ED:FE:D1:98:44:14:93:8A:E8:FE:58:06:4A
- Fingerprint SHA1: D4:A8:07:24:0C:26:B6:D7:9D:AA:CC:CA:77:BA:3A:27:AE:0C:B5:35
- Certificate revocation list (v1).
Service specific fingerprint
- Fingerprint MD5: 55:D5:CE:94:B3:DB:B6:7C:03:18:76:53:47:69:93:AF
- Fingerprint SHA1: D4:ED:6A:F0:91:5D:E6:58:04:48:00:9B:B7:FC:2C:E9:8F:EB:9D:8F
- Fingerprint MD5: F5:E5:EC:FB:3F:8F:FE:D3:B0:AF:35:E7:2E:E6:7D:8F
- Fingerprint SHA1: 92:E2:58:D4:97:B0:86:8F:25:CF:A4:5F:7B:9C:7A:C7:67:97:E2:5E
- Fingerprint MD5: A3:27:DD:E5:EF:8F:D8:B2:B6:F4:D5:AE:7E:A2:FE:E0
- Fingerprint SHA1: B6:FD:4B:45:2D:61:AC:1B:F9:6C:54:FE:E3:74:1C:0D:29:D1:79:5A
- Fingerprint MD5: F1:C6:2B:45:1C:94:6E:72:8A:15:9A:4D:3B:08:B4:75
- Fingerprint SHA1: 28:12:A4:28:2B:F5:F7:05:12:EC:BF:23:09:37:F8:D0:9C:C4:C7:DE
- Fingerprint MD5: 13:A2:29:CD:60:8D:4C:79:80:AF:C0:D5:E0:E2:F8:6B
- Fingerprint SHA1: AB:50:16:80:A4:63:4B:20:93:F2:9F:2B:AB:8D:FB:08:4D:CA:CD:B5
- Fingerprint MD5: F4:2A:36:17:A7:64:7E:52:AD:3E:9F:2F:43:99:6E:88
- Fingerprint SHA1: 99:F5:6A:47:C3:6E:86:4E:19:56:A7:A5:A7:AD:D5:BB:BC:FB:E5:EC
- Fingerprint MD5: B1:DC:3D:ED:84:C2:7F:44:C8:6D:84:F1:B1:6E:BC:83
- Fingerprint SHA1: CA:4A:41:21:46:86:CC:03:5D:F7:CF:B7:FE:A3:3D:E8:87:41:46:50
If you want to verify that one of our services is using a valid SSL certificate, you can check whether it is signed by our Certification Authority. Individual certificates for specific services may change often, so it's a good thing to check them once in a while.
Assuming you're using a UNIX-like system (Linux, OSX), and that you have previously downloaded the CA certificate above to a file named, for example, ai-ca.pem, you can verify the certificate's signature by running:
$ openssl s_client -connect www.autistici.org:443 \ -CAfile ai-ca.pem -quiet -no_ign_eof </dev/nullThe expected (correct) result looks like this (certificate-specific details may vary):
depth=1 C = IT, O = Autistici/Inventati, CN = Autistici/Inventati Certification Authority, emailAddress = firstname.lastname@example.org verify return:1 depth=0 C = IT, O = Autistici/Inventati, OU = Autistici/Inventati web services, CN = www.autistici.org verify return:1 DONEIf there are any errors, you'll see something like the following:
depth=0 C = IT, O = Autistici/Inventati, OU = Autistici/Inventati web services, CN = www.autistici.org verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 C = IT, O = Autistici/Inventati, OU = Autistici/Inventati web services, CN = www.autistici.org verify error:num=27:certificate not trusted verify return:1 depth=0 C = IT, O = Autistici/Inventati, OU = Autistici/Inventati web services, CN = www.autistici.org verify error:num=21:unable to verify the first certificate verify return:1 DONE
Note that to verify services that use STARTTLS extensions you might need to add the right options to openssl s_client, namely -starttls proto. Consult the manpage for s_client for further details.