Free SSL certs

[Jason Stephenson]

Michael O'Donnell wrote:

> I think I heard that the primary advantage the Big Name
> CA's have is that they got grandfathered in such that
> they're in the short list of those that the various
> browsers (IE Explorer, NetScape, etc) are preconfigured
> at build time to recognize by default.  As you indicate,
> there's otherwise nothing magic or sacred about them.

Yes, and there is a way to add other recognized authorities. In Mozilla 
& Netscape it's under Edit->Preferences, and then choose Privacy and 
Security. If you go to Manage Certificates, you can import new 
Authorities under the Authorities tab.

I've suggested among some of my associates that we set up an authority 
who issues us all certificates and then we just add the authority in our 
browsers and other apps. They've not taken me up on the idea, yet.

> Heck, when you consider that (for example) VeriSign owns
> (or is) Network Solutions (who don't exactly have a stellar
> reputation for fair dealings or even basic competence)
> the whole notion of "trusted" gets even shakier...

Yeah. It is a bit shaky. For instance, I'd trust a certificate signed by 
someone I know more than one signed by Verisign. That said, I still do 
E-commerce.

BTW, I've used self-signed certificates in the past. It's what we used 
on the web mail server at the University of Kentucky's College of 
Engineering. It's quicker and cheaper than getting a "real" one and you 
have a limited user base that is somewhat informed on these matters.