If you wish to use our Certificate Authority keys to automatically verify SSL certificates or personal keys that were signed by the "Astrally.com" certificate Authority, you will need to import the following certificates into your browser, or email client, then set the trust settings on that imported root certificate as appropriate.

The following links can be used to retrieve the certificate authority information:

Astrally.com CA (Certificate Authority)

• root certificate
• text view of root certificate

Astrally.com CRL (Certificate Revocation List)

• CRL
• Text view of CRL

• https: connections to www.astrally.com
• Authenticate roaming users that have an astrally.com account.
• Allow roaming users to use SSL/TLS with an SSL/TLS enabled email client when accessing their astrally.com email accounts.
• Provide S/MIME email functionality (digital signatures and/or email message body encryption) for .com users.
• Provide a mechanism for people to be able to verify digital signatures on software signed by our users.

The "Astrally.com" root CA is NOT a public Certificate Authority!

We (my Wife and I) created this CA primarily for our own private use, and possibly for use by our close personal friends and/or family members who have a need for having such a thing but don't want to pay exorbitant fees to a public Certificate Authority.

Please DO NOT send us any certificate requests to sign unless you are one of our users with an active .com account in good standing or are otherwise invited to do so.

Uninvited certificate signing requests will be denied, especially if we don't know you personally or have no idea who you are.

If you have an account on .com and send us a certificate request for a personal certificate we must be able to verify your identity before the personal certificate will be issued. The common name on the request must be set to your real name, and the email address must be set to either a working .com email address that belongs to you, or to an email address that we know for a fact belongs to you and will not be used by anyone other than you.

Also note that software such as openssl that enable the use of strong encryption algorithms are subject to US export laws. If you are not a US citizen residing in the US at the time of the request, we will not issue you a certificate. If you need such a certificate for use outside of the US, please have the certificate issued to you by a public certificate authority and check the laws of the countries you plan to travel in as there may be other laws in those countries that you will be required to honor.

Although we don't anticipate it being likely that we'll need to revoke certificates since we don't plan on issuing that many, nevertheless this needs to be stated:

• We reserve the right to deny or revoke certificate(s) issued by us at any time for any reason, or for no reason.
• We reserve the right to terminate this service at any time without notice, for any reason or for no reason.
• Any abuse that involves a certificate signed by us may result in revocation of the certificate, termination of your .com account access and possibly cleanup fees. If such abuse involves illegal activity it will be reported to appropriate authorities along with any evidence.

That said, if we do choose to do revoke a certificate or terminate service, we'll most likely attempt to give advance notice as a courtesy before doing so.

By signing a certificate request presented to us we swear under penalty of purgery that:

• We know who you are and to the best of our knowledge and belief you are who you say you are.
• We have made a reasonable effort to verify that you are a United States citizen and were residing in the United States at the time your certificate was signed.

Documents providing a verifiable positive ID, a background check, and or other forms of ID verification may be required unless we've known you from birth, even if you are a friend.

If you are lucky enough to actually get a certificate issued by the Astrally.com CA, you are expected to use it in a responsible, legal, and ethical manner. If we determine that your certificate is used for illegal, irresponsible, or unethical purposes it will result in the certificate being revoked. We are committed to high ethical standards. We expect no less from anyone we choose to endorse.

If you think that your certificate has been compromised, you will need to report it as soon as possible, so that it can be revoked and a new one issued.

Paying a fee for service, having a .com account, or being a friend or family member does not entitle you to or guarantee you a right to have us sign your certificate request.

Astrally.com
Attn: Steve Schwartz
3364 N. Lake Harbor Ln.
P-102
Boise, Idaho 83704

Page last updated: 02 Mar 2008
This web page is maintained by: webmaster@astrally.com
© 2006 by Astrally.com & Ordania MUD all rights reserved.
URL:  http://www.astrally.com/Astrally_CA.htm