Securing Air-Stream Services with TLS/SSL

Many Air-Stream services are configured to use TLS (Transport Layer Security), also known as SSL (Secure Sockets Layer). This provides a secure channel for your application to communicate with the server and prevents anyone who intercepts the traffic from reading your information. This is extremely important on a shared ethernet medium like 802.11 wireless, where packets can be ‘sniffed’ by other clients while in transit from one location to another. For this reason, access to important Air-Stream services from the wireless network will require you to have a secure connection.

For more information on the history of TLS/SSL, see this article on Wikipedia.

Air-Stream Root Certificate

All secure Air-Stream services use certificates that are signed by the “Air-Stream Certificate Authority”. The Certificate Authority signs with a special private key that is kept in a secure location with only physical access allowed to it. The Root Certificate carries the matching public key, which clients can use to verify the identity of any server using an “official” signed certificate.

For more information on what a Root Certificate is, see this article on Wikipedia.

To remove the warning pop-up you receive in your browser or email client, you need to add the Air-Stream Root Certificate to your software’s keychain. This will allow your software to correctly verify any certificate signed by Air-Stream.

Download the Air-Stream Root Certificate here
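
The following script is an added illustration, not Air-Stream's own tooling, of what importing a root certificate changes: a throwaway CA stands in for the Air-Stream root, and only certificates it signed pass verification. All file names, common names and the hostname mail.example.test are constructed, and the script assumes the openssl command-line tool is installed.

```shell
#!/usr/bin/env bash
# Added example: constructed CAs and certificates only, nothing from Air-Stream.
set -e
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# Create a self-signed root: $1 = file prefix, $2 = common name (constructed).
make_root() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
    -keyout "$work/$1.key" -out "$work/$1.crt" 2>/dev/null
}

# Issue a server certificate: $1 = signing root, $2 = file prefix, $3 = hostname.
issue_cert() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$work/$2.key" -out "$work/$2.csr" 2>/dev/null
  openssl x509 -req -in "$work/$2.csr" -days 30 -CAcreateserial \
    -CA "$work/$1.crt" -CAkey "$work/$1.key" -out "$work/$2.crt" 2>/dev/null
}

# Succeeds only if certificate $2 chains to the trusted root $1.
trusts() {
  openssl verify -CAfile "$work/$1.crt" "$work/$2.crt" >/dev/null 2>&1
}

# SHA-256 fingerprint of a certificate, for comparison before importing it.
fingerprint() {
  openssl x509 -in "$work/$1.crt" -noout -fingerprint -sha256
}

make_root root  "Constructed Root CA"      # stands in for the Air-Stream root
make_root rogue "Constructed Rogue CA"     # a CA the client never imported
issue_cert root  mail mail.example.test    # "official" signed certificate
issue_cert rogue fake mail.example.test    # same hostname, untrusted signer

fingerprint root
for cert in mail fake; do
  if trusts root "$cert"; then
    echo "$cert.crt: verified against the imported root"
  else
    echo "$cert.crt: rejected, the client would show a warning"
  fi
done
```

The fingerprint line is the value to compare with one obtained through a separate trusted channel before adding any downloaded root certificate to a keychain.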

We are looking for volunteers to create guides for adding the root certificate to commonly used applications. If you have successfully done so and would like to create a short how-to with a few images, please forward it to the committee for inclusion in this document.

Obtaining a Signed Certificate

If you are providing a service on the Air-Stream network and would like an “official” signed certificate to use, please send an email to hat _at_ air-stream dot org with full details of your service: its IP address, hostname, purpose, etc.