As far as I know, whenever a browser receives a certificate it looks for
the signer against its database. If the signer is found then the
certificate is accepted otherwise the user is warned about the unrecognized
CA and asked for confirmation. In order to avoid such warning and
consequent confirmation request, the signer CA must be found in the browser
database. Having your CA certified by another notorious CA would make your
server certs fully accepted by common browsers. I expect this to be a very
expensive process. Reasons are obvious....
Costantino Imbrauglio
Information Technology -
Banca IMI - Milan
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
