Installing CAcert root certificates

Note the procedures on this page are no-longer necessary for domains under my control. I now use certificates signed by StartSSL who are trusted Certificate Authorities in most browsers/Operating systems.

In order to stop warnings from email clients and web browsers it is necessary to install the CAcert root “Certificate Authority” certificates into your computers stores. Unfortunately different appplications use different stores. Follow the appropriate procedures below for each of the applications that you have installed/use.

Once this procedure is completed you should not be prompted for mismatching certificates on the Oldelvet servers again.

Internet Explorer/Outlook/Outlook Express

Internet Explorer and Microsoft email clients all use the same certificate store. The easiest approach is to use Internet Explorer to navigate to the CAcert root page and click on the appropriate certificates to run/install them.


Download/install both Root and Class 3 keys in PEM format.

Choose “Save” to download and save the certificate file.


Save in a suitable location. The exact location is not important.

When the download is complete click “Open” to install the certificate.

Use “Install Certificate” to initiate the install itself.

The certificate install wizard is now open. Click “Next” to move onto the next screen.

Accept the default save location.

Click finish to complete the install.

Confirm the install by clicking “Yes”.

The install is now confirmed and is ready for use.


Firefox uses its own certificate store. New entries can be added easily by following the PEM links from the CAcert root download page.

Download/install both Root and Class 3 keys in PEM format.

When prompted save accept the certificate for each of “web sites”, “email users” and “sofware developers”.


Thunderbird uses its own certificate store in a similar way to Firefox. However this requires that you save the certificate files from the CAcert root keys download page and then import them manually.

Select the “Tools” -> “Options” menu entry.

Under “Advanced” select the “Certificates” tab.

When the Certificate Manager shows select the “Import” option.

Now select the previously saved root and class3 certificate file.

Tick to trust “web sites”, “email users” and “software developers”. Then select “OK”.

The imported certificates will be visible under “Root CA” in the Authorities tab.


To install the certificates in Opera just visit the CAcert root keys download page and follow the next few simple steps.

Download both the root certificate and class3 certificate in PEM format.

Confirm that the certificate authority should be installed.

Optionally view the certificate contents to make sure that it is authentic.

Confirm that certificate import.


Navigate to the CAcert root page and then install each of the appropriate certificates.

Visit the CACert download page and download the root and class3 certificates.

  Select “Install” to move the installation along.

Confirm the installation.

The installing profile dialog will show for a few seconds.

  The installation is now confirmed.

Android Phone

To be completed.