CAcert ceremony (c) CAcert Inc. 2008 see licence Includes BouncyCastle software, see licence. See http://wiki.cacert.org/wiki/Roots/TestNewRootCerts this is a work in progress... please report problems to support@cacert.org ** REQUIRED STEPS/SOFTWARES ** * Install packages from Ubuntu 8.04.1 apt-get install sun-java6-jre sun-java6-jdk openssl bash hexedit coreutils israndom randomsound subversion ent * Download the sources with svn co http://svn.cacert.org/CAcert/Software/CAcertCeremonyScript/ CAcertCeremonyScript * Setup Java6 export JAVA_HOME=/usr/lib/jvm/java-6-sun export PATH=$JAVA_HOME/bin:$PATH * Check java with "java -version", example: $ java -version java version "1.6.0_07" Java(TM) SE Runtime Environment (build 1.6.0_07-b06) Java HotSpot(TM) Client VM (build 10.0-b23, mixed mode, sharing) * The jce_policy-6.zip file can be found at http://java.sun.com/javase/downloads/?intcmp=1281 you need to update the JVM with jce_policy-6.zip for extended crypto, else the program will fail with "invalid keylength exception" => you need to extract the files from jce_policy-6.zip in the following directory (need root priviledge) $JAVA_HOME/jre/lib/security * Start the script with ./make.sh 2>&1 | tee PLEASE_SAVE_THE_LOGS.txt testing (faster) ./make.sh 2048 32 UNSECURE then grab the id.p12 file in signingengine directory load the file in Firefox 3 keystore, validate the Root cert, then check if the root/subroot/client cert have no validation error message IMPORTANT : Update Ceremony.properties before starting the REAL ceremony