fredmastro

CA SSL Certificates Trusted over the Web

I know how to set up a CA server for internal use and issue SSL certificates. But of course when visitors use them it says it cannot verify or trust the CA.

How do I create a CA server so that SSL Certificate can find my server and "trust" the certificate?
RevelationCS

As far as I am aware, if I am understanding you correctly, what you are referring to is the fact that the CA server you are using is not one that is listed as a trusted source out on the internet. Typically, trusted CAs are Verisign, Thawte, etc.
fredmastro

ASKER

Ok then, how do I make my CA a trusted source?  I want to sell my own SSL Certificates.
heh.... not that easy....
:) Well, that's why I'm asking on here. I'll up my points then, to 150 or more? What's the process, or what do I need to do?
Or even if my SSL server is a subordinate of someone else's, just want to be able to issue out tickets and not have them come up with a red X.
pazmanpro

Now anybody can set up a CA server and place it on the internet, the problem is if anyone will trust you. I would say probably no. The trusted CAs have been around for a while (Verisign, Thawte) and will be trusted by default on most browsers. To be trusted by other people, they must believe that the certificates that you are giving out are true and will unlikely be tampered with (can you say that?).

If you want your web application to be trusted over the internet then purchase a certificate from the trusted third parties as suggested above.
It's all a matter of how trusted they are and whether people will trust them. I myself don't trust anybody except Verisign and Thawte. Also remember, these CAs will also have put a lot of security in their systems to ensure that the certs are not tampered with and would have gone through enough verification to prove that the hosts are who they say they are.
ASKER CERTIFIED SOLUTION
RevelationCS
This solution is only available to members.
Well OpenSSL? That's all command based looking, I'm using MS CA Server.

I know how to set up CAs, just wasn't sure how to make it so browsers could "trust" it. I thought they pinged back the CA server but guess I was wrong. So Verisign has a deal with MS or whoever to trust their certs, it seems...

Just Verisign is quite expensive. I will look into Web Trust and see if I can be a subordinate of their CA.

Thanks.
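
The point the thread arrives at, that a client decides trust from the root certificates installed in its own store and never contacts the CA server, shown as an added example that is not part of the original thread. It uses the OpenSSL command line mentioned above rather than MS CA Server; the CA name, host name and file names are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: the CA and host names below are made up for illustration.

# Build a throwaway private root CA and a server certificate signed by it.
make_demo_pki() {
    (
        cd "$1" || exit 1
        # Self-signed root, comparable to what an internal CA server generates.
        openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
            -subj "/CN=Example Private Root" \
            -keyout root.key -out root.crt 2>/dev/null || exit 1
        # Server key and signing request.
        openssl req -newkey rsa:2048 -nodes \
            -subj "/CN=www.example.test" \
            -keyout leaf.key -out leaf.csr 2>/dev/null || exit 1
        # The private root signs the server certificate.
        openssl x509 -req -in leaf.csr -CA root.crt -CAkey root.key \
            -CAcreateserial -days 30 -out leaf.crt 2>/dev/null || exit 1
    )
}

# Print "trusted" or "untrusted" for certificate $1. Remaining arguments are
# passed to `openssl verify` and select which roots count as trust anchors.
check_trust() {
    cert=$1
    shift
    if openssl verify "$@" "$cert" 2>&1 | grep -q ': OK$'; then
        echo trusted
    else
        echo untrusted
    fi
}

demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir"

# A visitor's machine: only the roots shipped in its own store are anchors.
echo "default store:  $(check_trust "$demo_dir/leaf.crt")"
# The same machine after the private root is installed as a trusted root.
echo "root installed: $(check_trust "$demo_dir/leaf.crt" -CAfile "$demo_dir/root.crt")"
```

The certificate is identical in both checks; only the set of trust anchors on the verifying machine changes, which is why a subordinate CA under an already-trusted root avoids the warning.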