[CLUE-Tech] cheap/free certificate authorities
Charles Oriez
coriez at oriez.org
Fri Jun 18 17:39:15 MDT 2004
At 05:19 PM 6/18/2004 -0600, David Anselmi wrote:
>Brandon N wrote:
>[...]
>>I'm just curious if others have had any experience with CA's, and have
>>any tips. Also, does anyone know of javascript, php or something
>>script that will point users to the cacert root certificate if it
>>notices they don't have it?
>
>I've commented before (here or on CLUE Admin) that I don't think CAs are
>worth what they charge. And more so if their root certs aren't
>preinstalled (but that's me, YMMV).
>
>As for getting the root cert to the users, if Apache has the right MIME
>type for the cert, Mozilla will do something sensible when a cert is
>downloaded. IE does something different, I don't remember if it is
>sensible or not. (You can link to the root cert at the CA, or keep a copy
>on your server.)
what they do is not sensible. also not logical. I have one desktop
running Win 2K (dual boot). After verisign did its tld hijacking, I
decided in a snit that I would no longer consider them a trustworthy CA,
and deleted them from the CA table. All went well until I went to upgrade
the IE version I had on that machine. What I discovered was that the M$FT
updates relied not on an M$FT cert, but a verisign cert. Rather than
giving me an opportunity to decide whether to ignore the fact that they
were offering a cert from what I considered an untrustworthy source, they
aborted the update. I had to restore verisign to my cert table to complete
the MSFT update. I asked on one of the MSFT usenet groups why they were
using Verisign instead of their own certs, but never got a satisfactory answer.
Charles Oriez coriez at oriez.org
**
Save the hermetic seals.
More information about the clue-tech
mailing list