• Status: Solved

CA SSL Certificates Trusted over the Web

I know how to set up a CA server for internal use and issue SSL certificates. But of course when visitors use them it says it cannot verify or trust the CA.

How do I create a CA server so that SSL Certificate can find my server and "trust" the certificate?
Asked:
fredmastro
2 Solutions
 
RevelationCS Commented:
As far as I am aware, if I am understanding you correctly, what you are referring to is the fact that the CA server you are using is not one that is listed as a trusted source out on the internet... typically, trusted CAs are Verisign, Thawte, etc.
 
fredmastro (Author) Commented:
Ok then, how do I make my CA a trusted source?  I want to sell my own SSL Certificates.
 
RevelationCS Commented:
heh.... not that easy....
 
fredmastro (Author) Commented:
:) Well that's why I'm asking on here.  I'll up my points then, to 150, or more? What's the process or what do I need to do?
 
fredmastro (Author) Commented:
Or even if my SSL server is a subordinate of someone else's, I just want to be able to issue out tickets and they not come up with a red X.
 
pazmanpro Commented:
Now anybody can set up a CA server and place it on the internet, the problem is if anyone will trust you. I would say probably no. The trusted CAs have been around for a while (Verisign, Thawte) and will be trusted by default on most browsers. To be trusted by other people, they must believe that the certificates that you are giving out are true and will unlikely be tampered with (can you say that?).

If you want your web application to be trusted over the internet then purchase a certificate from the trusted third parties as suggested above.
 
fredmastro (Author) Commented:
 
pazmanpro Commented:
It's all a matter of how trusted they are and whether people will trust them. I myself don't trust anybody except Verisign and Thawte. Also remember, these CAs will also have put a lot of security in their systems to ensure that the certs are not tampered with and would have gone through enough verification to prove that the hosts are who they say they are.
 
RevelationCS Commented:
Those sites are all ordering their certs from the same group from the looks of it and bear the seal from WebTrust... I do not know if they are trusted by everyone, however -

https://cert.webtrust.org/ViewSeal?id=212
http://www.webtrust.org/certauth_fin.htm

I believe that we might be getting a little bit away from the original question here.....
 
RevelationCS Commented:
Also, try taking a look at the following doc which I believe does what you are looking for using OpenSSL....

http://www.eclectica.ca/howto/ssl-cert-howto.php
 
fredmastro (Author) Commented:
Well OpenSSL? That's all command based looking, I'm using MS CA Server.

I know how to set up CAs, just wasn't sure how to make it so browsers could "trust" it.  I thought they pinged back the CA server but guess I was wrong.   So Verisign has a deal with MS or whoever to trust their certs it seems...

Just Verisign is quite expensive.  I will look into Web Trust and see if I can be a subordinate of their CA.

Thanks.
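
The trust decision discussed in this thread, as an added PowerShell example that is not part of the original posts: a Windows client accepts a certificate only when its chain ends at a root already present in the machine's Trusted Root store, which is why a privately created root is reported as `UntrustedRoot` while a root shipped with the operating system is not. It assumes Windows with .NET Framework 4.7.2 or later (or PowerShell 7); the subject name `CN=Constructed Internal Root CA` and both function names are hypothetical.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

# Constructed stand-in for a privately run root CA (hypothetical subject name).
# It exists in memory only; nothing is added to any certificate store.
function New-ConstructedRootCert {
    $key = [RSA]::Create(2048)
    $req = [CertificateRequest]::new('CN=Constructed Internal Root CA', $key,
        [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
    # Basic constraints: CA = true, no path length constraint, marked critical
    $req.CertificateExtensions.Add(
        [X509BasicConstraintsExtension]::new($true, $false, 0, $true))
    $now = [DateTimeOffset]::UtcNow
    $req.CreateSelfSigned($now.AddDays(-1), $now.AddDays(30))
}

# Build the certificate chain and report whether it ends at a trusted root.
function Test-CertTrust {
    param([Parameter(Mandatory)][X509Certificate2]$Certificate)
    $chain = [X509Chain]::new()
    # Skip revocation checks so the result reflects only the trust-anchor decision
    $chain.ChainPolicy.RevocationMode = [X509RevocationMode]::NoCheck
    $trusted = $chain.Build($Certificate)
    $root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    [pscustomobject]@{
        Subject     = $Certificate.Subject
        ChainRoot   = $root.Subject
        Trusted     = $trusted
        ChainStatus = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

# 1) A root this machine has never been told to trust
$private = New-ConstructedRootCert

# 2) A currently valid root that is already in the machine's Trusted Root store
$today = Get-Date
$shipped = Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.NotBefore -lt $today -and $_.NotAfter -gt $today } |
    Select-Object -First 1

Test-CertTrust -Certificate $private
Test-CertTrust -Certificate $shipped
```

The same check applies to a certificate issued by a subordinate CA: `ChainRoot` then shows the root that the subordinate chains up to, and the result depends on whether that root is in the client's store.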
