16 The certificate server | Contents |
Section 8.2 already provided a lot of information on how to use a certificate server to publish your public (OpenPGP or X.509) certificate. This section will take a closer look at certificate servers, and will show you how to use them with Kleopatra.
Key servers can be used by all programs that support the OpenPGP or X.509 standards. Kleopatra supports both, and can therefore work with OpenPGP as well as X.509 certificate servers.
Open the configuration dialog in Kleopatra:
Settings -> Configure Kleopatra...
Now set up a new certificate server under the group Certificate servers by clicking on the New button. Choose either OpenPGP or X.509.
For OpenPGP, a default OpenPGP certificate server with the server address hkp://keys.gnupg.net (Port: 11371, Protocol: hkp) will be added to the list. You can use this server without making any changes, or you can use one of the suggested OpenPGP server addresses on the next page.
For X.509 you will see the following default settings for an X.509 certificate server: (Protocol: ldap, Server name: server, Server port: 389). Complete the information on the server name and base DN of your X.509 certificate server and check the server port.
If your certificate server requires a user name and password, activate the option Requires user authentication and enter the required information.
The screenshot below shows a configured OpenPGP certificate server:
Confirm the configuration by pressing [OK]. You have successfully configured your certificate server.
To ensure that you have configured the certificate server correctly, it is helpful to run a test, e.g. a certificate search on the server (for instructions, see Section 16.2).
Proxy setting:
If you use a proxy in your network, you should add the parameter http-proxy=<proxydomain> to the certificate server address in the Server name column. The full server name could therefore look as follows:
keys.gnupg.net http-proxy=proxy.hq
You can also review and, if necessary, correct the certificate server configurations in the file:
%APPDATA%\gnupg\gpg.conf
Explanations regarding the system-wide configuration of X.509 key servers can be found in Section 22.5.
We recommend that you only use up-to-date OpenPGP certificate servers, since only they can handle the newer OpenPGP characteristics.
Here is a selection of well-functioning certificate servers:
If you have problems with your firewall, it is best to try certificate servers whose URL begins with: http://
The certificate servers under the addresses
are a collection point for an entire network of these servers; a concrete server will be selected randomly.
Attention: Do not use ldap://keyserver.pgp.com as a certificate server, since it does not synchronize with other servers (Status: May 2010).
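As an added example (not part of the Compendium or of Gpg4win), the following Python sketch reviews the keyserver entries of a gpg.conf file against the settings named above: the default ports for hkp and ldap, the http-proxy parameter, and the server this page says not to use. It assumes entries have the form `keyserver <address> [option=value ...]` and that an address without a scheme means hkp; the sample configuration is constructed.

```python
from urllib.parse import urlsplit

# Default ports as stated on this page for each protocol.
DEFAULT_PORTS = {"hkp": 11371, "ldap": 389}
# Server this page says not to use.
DISCOURAGED_HOSTS = {"keyserver.pgp.com"}

# Constructed sample, not a real configuration.
SAMPLE = """\
# certificate servers
keyserver hkp://keys.gnupg.net http-proxy=proxy.hq
keyserver ldap://keyserver.pgp.com
"""


def parse_keyserver_line(line):
    """Parse one 'keyserver <address> [option=value ...]' line.

    Returns None for comments and for lines that are not keyserver entries.
    """
    line = line.strip()
    if line.startswith("#"):
        return None
    parts = line.split()
    if len(parts) < 2 or parts[0] != "keyserver":
        return None
    address, extras = parts[1], parts[2:]
    # Assumption: a bare host name (as in the proxy example) means hkp.
    if "://" not in address:
        address = "hkp://" + address
    url = urlsplit(address)
    scheme = url.scheme.lower()
    host = (url.hostname or "").lower()
    options = dict(e.split("=", 1) if "=" in e else (e, "") for e in extras)
    return {
        "scheme": scheme,
        "host": host,
        "port": url.port or DEFAULT_PORTS.get(scheme),
        "http_proxy": options.get("http-proxy"),
        "discouraged": host in DISCOURAGED_HOSTS,
    }


def review_config(text):
    """Return one parsed entry per keyserver line found in gpg.conf text."""
    entries = (parse_keyserver_line(l) for l in text.splitlines())
    return [e for e in entries if e is not None]
```

To check a real file, pass its contents to `review_config` and look at entries where `discouraged` is true or where `http_proxy` does not match your network's proxy.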
Once you have configured at least one certificate server, you can now look for and import certificates.
To do this, in Kleopatra click on File -> Search for certificates on server....
You will see a search dialog with an input field into which you can enter the name of the certificate holder or, ideally, the e-mail address of the certificate.
To view the details of a selected certificate, click on the button [Details...].
If you wish to add one of the certificates you have found into your local certificate collection, select the certificate from a list of search results and click on [Import].
Kleopatra will subsequently display a dialog with the import results. Confirm with [OK].
If the import was successful, you will see the selected certificate in Kleopatra's certificate administration.
If you have configured an OpenPGP certificate server as described in Section 16.1, a click of your mouse will send your public OpenPGP certificate around the world.
Select your OpenPGP certificate in Kleopatra and then click on the menu item File -> Export certificate to server....
You only need to send your certificate to one of the available OpenPGP certificate servers, since almost all of these synchronize on a global level. It may take one to two days until your OpenPGP certificate is actually available worldwide, but then you will have a "global" certificate.
If you export your certificate without first having configured an OpenPGP certificate server, Kleopatra will suggest the default server hkp://keys.gnupg.net.
© 31. August 2010, v3.0.0-beta1 (last minor changes from 21. September 2010)
The Gpg4win Compendium is filed under the GNU Free Documentation License v1.2.