fredmastro
asked on
CA SSL Certificates Trusted over the Web
I know how to set up a CA server for internal use and issue SSL certificates. But of course when visitors use them it says it cannot verify or trust the CA.
How do I create a CA server so that SSL Certificate can find my server and "trust" the certificate?
As far as I am aware, if I am understanding you correctly, what you are referring to is the fact that the CA server you are using is not one that is listed as a trusted source out on the internet... Typically, trusted CAs are Verisign, Thawte, etc.
ASKER
Ok then, how do I make my CA a trusted source? I want to sell my own SSL Certificates.
heh.... not that easy....
ASKER
:) Well, that's why I'm asking on here. I'll up my points then, to 150. Or more? What's the process, or what do I need to do?
ASKER
Or even if my SSL server is a subordinate of someone else's, just want to be able to issue out tickets and have them not come up with a red X.
Now anybody can set up a CA server and place it on the internet, the problem is if anyone will trust you. I would say probably no. The trusted CAs have been around for a while (Verisign, Thawte) and will be trusted by default on most browsers. To be trusted by other people, they must believe that the certificates that you are giving out are true and will unlikely be tampered with (can you say that?).
If you want your web application to be trusted over the internet then purchase a certificate from the trusted third parties as suggested above.
ASKER
Well, what about all these people selling their own SSLs for like $39 a year? They are everywhere.
Here's a quick list I pulled together
http://www.servertastic.com/store/prodtype.asp?PT_ID=94&strPageHistory=cat
http://www.ev1servers.net/english/quickssldetails.asp
http://www.rapidssl.com/ssl-certificate/ssl-products.html
http://www.instantssl.com/ssl-certificate-products/ssl/ssl-certificate-instantssl.html?currency=USD&region=North%20America&country=US
So are their tickets not trusted?
It's all a matter of how trusted they are and whether people will trust them. I myself don't trust anybody except Verisign and Thawte. Also remember, these CAs will also have put a lot of security in their systems to ensure that the certs are not tampered with and would have gone through enough verification to prove that the hosts are who they say they are.
ASKER
Well OpenSSL? That's all command based looking, I'm using MS CA Server.
I know how to set up CAs, just wasn't sure how to make it so a browser could "trust" it. I thought they pinged back the CA server but guess I was wrong. So Verisign has a deal with MS or whoever to trust their certs, it seems...
Just Verisign is quite expensive. I will look into Web Trust and see if I can be a subordinate of their CA.
Thanks.
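The trust decision discussed in this thread is made locally: a client checks the certificate chain against root certificates it already holds and does not contact the issuing CA. The following is an added example, not part of the original thread, showing this with the OpenSSL command line. The CA names and host name are constructed, and it assumes `openssl` is installed with its default configuration.

```shell
#!/bin/sh
# Constructed demo; every name below (Demo Root A/B, www.example.test) is made up.

# Create a throwaway self-signed root CA: $1 = output prefix, $2 = common name.
make_root() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# Issue a server certificate: $1 = CA prefix, $2 = leaf prefix, $3 = host name.
issue_leaf() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$2.key" -out "$2.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$2.csr" -days 30 -CA "$1.crt" -CAkey "$1.key" \
        -CAcreateserial -out "$2.crt" 2>/dev/null
}

# Validate against the platform's default trust store, which is what a
# visitor's client holds. A private root is not in it.
trusted_by_default_store() {
    openssl verify "$1" >/dev/null 2>&1
}

# Validate with one explicitly supplied trust anchor: $1 = anchor, $2 = leaf.
# This models a machine where that root has been installed as trusted.
trusted_by_anchor() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Print "trusted" or "NOT trusted" for the exit status of the command given.
verdict() {
    if "$@"; then echo "trusted"; else echo "NOT trusted"; fi
}

demo() {
    d=$(mktemp -d) || return 1
    make_root "$d/rootA" "Demo Root A" || return 1
    make_root "$d/rootB" "Demo Root B" || return 1
    issue_leaf "$d/rootA" "$d/leaf" "www.example.test" || return 1
    echo "default store only:  $(verdict trusted_by_default_store "$d/leaf.crt")"
    echo "issuing root held:   $(verdict trusted_by_anchor "$d/rootA.crt" "$d/leaf.crt")"
    echo "unrelated root held: $(verdict trusted_by_anchor "$d/rootB.crt" "$d/leaf.crt")"
    rm -rf "$d"
}

demo
```

The same certificate passes or fails depending only on which roots the verifier holds, which is why a private CA works inside an organization that distributes its root but shows a warning to outside visitors.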