Welcome is working to provide Free digital certificates, available to everyone. I encourage you to visit their FAQ pages. Check out the FAQ index on the CAcert Wiki to learn more about the assurance process. Their "More Points, More Privileges" wiki page describes the different types of certificates available and the requirements for each of them.

I wrote this web page as a point of information for those who contact me regarding assurnace. It is much easier to point people to this web page then to write instructions for arranging to meet with me each time I get an inquiry. The best way to reach me and arrange to meet is by sending me e-mail. For more about meeting with me to be assured, please read on. Assurance

Assurance Points

My name is Ken Schumacher. I became an assurrer for at the 2004 LISA Conference held in Atlanta, GA. At that conference, I was able to earn 150 assurance points. Your asking yourself "Why do I care?" It means that I can assign you up to 35 assurance points. How many assurance points are actually assigned is based on the type of identification documents that you provide when we meet face-to-face.

You need to collect 50 assurance points in order to get an assured client certificate or an assured server certificate. You need to collect 100 assurance points in order to get a code signing certificate. Since one assurer can give you up to 35 points, you will need to meet with at least two assurers in order to collect 50 points and at least three to collect 100 points. And once you collect 100 points, you qualify to become an assurer yourself. Please review the CACert webpage for full details regarding point levels, benefits and limitations.

Too far to travel

If you live in an area where few if any local assurers are available, CAcert has a process in place for Trusted Third Party (TTP) assurances. In the US, a licensed Notary Public is approved to conduct TTP Assurances. See my "TTP Assurance" section below for details.

Assurance process

I encourage you to review the CAcert Community Agreement (CCA) first. To participate in the assurance process, you need to review and agree to the CCA. You should create an account and log in on the web pages. Since you are reading this page, it is likely you have already gotten through signing up and may have used the web site to locate me as a local assurer.

Please follow the instructions on the CAcert web site and have the proper CAP form printed and available when we meet. After you log into the web site, you will find the links for printing the Assurnace form are available under the heading "CAP Forms". Do not sign the form until you meet with the assurer. The assurer needs to witness you signing the form in person. Bring the printed form along with your Identifcation documents when you meet with an assurer. The assurer will need to keep the signed form. If you want to keep a copy for yourself, please bring two copies of the form. You will need one copy of the unsigned assurnace form for each assurer that you meet with. I normally have some blank forms handy (just in case).

Past Events

I attended my first CAcert assurance event at the 2004 LISA conference in Atlanta, GA. I earned 150 assurance points at that event where I assured 35 people and I was assured by 24 people new to the process. I led the CAcert event (and a GPG Key signing) at the LISA'09 conference in Baltimore, MD, at the LISA'10 conference in San Jose, CA and at the LISA'12 conference in San Diego, CA.

As of April 15, 2014, I have made 73 face-to-face assurances and been assured by 39 others. The reason that this many people have assured me was so that they could earn experience points and practice the assurance process.

Want More Details?

I won't presume to suggest that I can explain all this better than the CAcert community members who participate in the development of the Assurance FAQ on the CAcert Wiki. I will say that the Wiki is a valuable work in progress. You should review the Approved Policies page for the definitive explaination of how this whole process works. If/When we meet, I will do my best to answer any questions you have as we work through your assurance.

As a side note, let me say that I hope I have not made this process sound too difficult. In fact, it is straight forward and very well defined. In order for the root certificates to be accepted for wider distribution, we need well defined policies and procedures. As you go through the assurance process, I hope you will agree that the CAcert process is well designed, thoughtfully implemented and very trustworthy.

Arrangements to Meet

I am available to meet up with you. I would ask that you make the effort to meet me somewhere in my general vacinity. I live and work in the western suburbs of Chicago. I work at Fermi National Accelerator Lab in Batavia, IL. I live in Wheaton, which is approx 26 miles straight west of downtown Chicago, near the center of DuPage County. I try to post announcements when I am attending conferances or other professional meetings. If you have reason to visit Fermilab, we can easily arrange to meet.

CAcert policies allow me to ask a fee to cover my expenses in meeting to assure you. I do not require any such fee, as long as you make the trip to a point within a reasonable distance from my home, work or along my commute. If the location we choose is outside of my normal travels, I may ask you for a reasonable compensation to cover my time and travel. Don't panic, that could mean that we agree to meet at a coffee shop somewhere between us and your buying our coffee. If any such fee is involved, we will agree on the amount in advance of our meeting, in accordance with CAcert policy.

Trusted Third Party (TTP) Assurance

In Sept 2013 I became a TTP Assurance Administrator. The TTP Assurance program was set up for those who live in areas that don't have local assurers. The program allows a person to be assured via a Trusted Third Party (TTP). In the USA, we recognize a comissioned Notary Public as a TTP.

Each TTP assurnace that a person completes is good for 35 assurance points. A person can only get two TTP Assurances, for up to 70 points. You can help by earning the full 100 assurance points through our TOP-UP program. Then you can become an assurer in your area.

For more information on the TTP Assurance process, please visit the TTP User Guide.

Additional Information


The orgnaizations listed here hold events which I occasionally attend. Feel free to contact me and we may be able to meet at such an event.

USENIX & the LISA Sig (formerly SAGE)


As I mentioned above, I got involved with while attending the 2004 LISA Conference in Atlanta GA. I attended the 2009 LISA Conference in Baltimore, MD, the 2010 LISA Conference in San Jose, CA and the 2012 LISA Conference in San Diego, CA. At each of those events, I presented a CACert BoF session.

The 2013 LISA conference was held in Washington, DC, Nov 3-8, 2013. I was unable to attend that event, but I had a couple friends who stepped up to lead the CAcert and PGP Key Signing events using presentation slides I had developed for previous events.

I was an invited speaker at the LISA'14 conference. The conference was be Nov 9-14, 2014 in Seattle, WA. My presentation was on Lessons Learned regarding my Batch Accounting experience with the LQCD Experiment and the HPC Department at Fermilab.

LOPSA - League of Professional System Administrators


I first encountered LOPSA at the LISA'09 conference in Baltimore, MD. Several of the LOPSA members I met at that conference attended my CAcert BoF session and already were or became assurers. While there are local LOPSA groups in a few places, we don't have a local chapter in Chicagoland (yet!). If you do find a local LOPSA meeting where you are, you may be able to find an assurer there.

UniForum Chicago

UniForum Chicago meets monthly. They have been meeting at the Rice Lake campus of IIT in Wheaton, IL. I have attended several of their meetings. I was their speaker in Nov 2013, speaking about PKI and I am willing to meet with you at one of their meetings for a CACert assurance or PGP Keysigning.

Network Communities


View Ken Schumacher's profile on LinkedIn I am part of the "LinkedIn" network. Visit my profile on their system. I am also a member of the CACert Community Group on LinkedIn.

GSWoT - Gossamer Spider Web of Trust

I have been using PGP for digital signatures and encryption since 1994. I attended my first key signing event at LISA'97. I have hosted many such events since then. Mostly at more recent LISA conferences.

In Oct 2009, I became an introducer for the Gossamer Spider Web of Trust (GSWoT). I won't try to write a better description than you can find on the GSWoT About Us webpage. Our Web of Introducers affirm that we will strictly adhere to the GSWoT practice guidelines. Many of the Introducers who participate in GSWoT are also Assurers with After all, both groups are about verifying identities.

Online Identity Management


I had used to document my on-line identity. I was working toward listing all of the web pages I have developed on my ClaimID profile. In Nov 2009, I wrote an article called "Claim Your On-line Identity" where I discuss the benefit of a service like theirs.

In November 2013, shut down its services. I have a Blog post about this called "RIP". I have not set up any sort of replacement page(s) to provide me the same sort of listing of those pages and postings that are really my own work.

Best viewed with ANY browswer Get Firefox! Get Thunderbird! Created by XEmacs editor!

The URL for this page is

Valid XHTML 1.0! XHTML 1.0 Transitional using Cascading Style Sheet. Valid CSS! Checked by Tidy!

This page is maintained by: Ken Schumacher <> © Copyright 2007-2013. Ken Schumacher
Constructive comments are always appreciated. Please send mail to the author with any such suggestions.

Last modified: Thu Nov 21 10:36 CDT 2013