Delta XMPP Project

For whatever reason, the ca-certificates package of Debian/Ubuntu does not contain the StartCom root certificates. This may have changed by the time you read this article, but otherwise you’ll probably want to add the root certificates yourself. Here is how to do it the “right way”.

First, securely get a hold of the StartCom root certificates.  (Updated June 27th, 2008) If you have Firefox 3, you can export them from Preferences -> Advanced -> Encryption -> View Certificates.  Otherwise, if you have Firefox 2, then visit this page and right-click save-as on the ca.crt file. It is important that you save-as on the file, because otherwise Firefox will try to import the CA into its own storage and not actually save it to a file like you want.  Save the file as startcom.crt.  If you don’t have at least Firefox 2, or some other already-secured-by-StartCom browser, then you’re stuck going to the above link without protection.  At the time of this writing, the above link only provides the newer startcom certificate.  I don’t know how to obtain the older one other than exporting from Firefox 3.

Next:

sudo mkdir -p /usr/share/ca-certificates/startcom
sudo cp startcom.crt /usr/share/ca-certificates/startcom/
sudo dpkg-reconfigure ca-certificates

Be sure to copy both startcom certificates into the directory if you have them.  In the reconfigure application, choose Ask mode, and select the startcom certificate to have it enabled. You might also take this moment to disable the weird CAs in there. I have no idea how or why Debian decided to trust the CAs that they do. Personally, I enable only the mozilla certs and the startcom certs.

That’s all! StartCom is installed. Now it should work with Psi and Subversion, among other programs.

(Credit to Ralf Hildebrandt for the dpkg-reconfigure hint.)