Full Version: Setting up your own CA
EdGei
http://slwww.epfl.ch/SIC/SL/CA/

Does ANYONE recommend this? Has anyone ever tried this?

Thanks,
David K.
smack
Yes, I started doing that, but it was a big hassle. I stopped when I found:

http://www.cacert.org/

The only free certificate authority that I'm aware of. I'm set up with a cert from them... was able to add it via Plesk without too much trouble. Seems to work great. Only problem is that IE doesn't recognize it as a root, so your users will have to download the root cert first (they'd have to do this if you set up your own authority anyways).

I figured there's no point in reinventing the wheel. You can manage your certificates right online and everything.
EdGei
Yeah, I signed up with CAcert too. They sent me some damn email cert, but for the life of me it can't be used....lol

I just signed up for the SERVER cert, and now am waiting on it to arrive.

Just got it and installed it, now let's wait for my sub-domain to resolve. :-)

David K.
Rich2k
Why would you want to use a CA that isn't recognised by 95% of all web browsers? You may as well just self sign.
smack
Because it's easier, that's why. I assume we are NOT talking about certificates for online stores, but for support sites and the like. In that case it's easy enough to instruct the user to download the root certificate so they don't continue to get warnings.
kers
CAcert is soon to be accepted by several browsers:

QUOTE
Please Note: CAcert Inc. is in the process of negotiating with browser and email program vendors to have the root certificate installed in their software by default, until that occurs it's suggested commercial use would be limited to early adopters, internal company use and custom software that distributes the root certificate. While we encourage commercial and enterprise use of PKI, and CAcert Inc. services in particular, however due to the nature of the PKI industry we are limited in capacity at what can be achieved for free at this stage.
Rich2k
It's not exactly hard to self sign. Then your client can add your domain to their whitelist in their browser.

I will still self sign for less important stuff and full CA cert for ecommerce.

It should be noted that they are trying to get added to Mozilla (no mention of IE yet), in which case they will still only be installed on 5% of all browsers!

No new version of IE due for release until 2005. Don't expect them to be supported any time soon.
kers
QUOTE
Originally posted by Rich2k
No new version of IE due for release until 2005.  Don't expect them to be supported any time soon.


Well, I missed that part :/
Rich2k
It's guess work based on:

1) Microsoft announced no new standalone versions of IE, new versions will only be bundled with new OS's

2) Longhorn pushed back from 1st qtr 2005 and now not known!
cyberlot
QUOTE
No new version of IE due for release until 2005.  Don't expect them to be supported any time soon.


Just because a new version isn't being released doesn't mean they can't add a new cert. This could be done through Windows Update as a patch. Matter of fact, if you check your Windows Update list of installed patches, one of them is most likely a root cert update.
Rich2k
Unless there was a financial incentive for MS, do you really think they'd bother doing that?
Goliath
The smart people here will start adding CAcert patching software to their products that work with their hosting, such as free FTP and Telnet programs. Far be it from MS to get hit with the same tactic for altering the settings of browsers they don't own. ;)

Besides, the incentive for MS to add the cert to IE is the same reason they finally supported PNG images... They are always playing catch-up to Netscape/Mozilla, even though they have infinitely more resources. If you see Mozilla support even "considered", IE will come running. That, and the more sites that use CAcert, the more they will be pressured to support it. Take Ev1servers... if the majority of us used them, that's a large chunk of websites that IE wants their millions to be compatible with.

Then again, that's maybe too much logic to expect from the one-size-fits-all MS-opoly. ;)