I've read the faqs and I haven't found the answer... Where do the (CA) certificates that come with Mozilla come from? I mean how do they decide which ones to include and how did they get them.
Mozilla's standard certificate database is maintained through Netscape's Root CA program. The CA's that wish to be added send in their certificates themselves. You have to submit some basic information about your organization and your certificate but I think anybody willing to pay the $150.000 "engineering fee" can get their certificate in. You can read more about my attempt to get a certificate included in Mozilla in an earlier thread titled "Root certificates" (started 03/02/2003).
As for the question of whether root certificates can be redistributed freely, my guess is as good as yours but many CA's publish their certificates on their websites. The terms governing the certificates can probably be found there too.
- Anders Feder
