"Peter H.M. Brooks" <[EMAIL PROTECTED]> wrote in message a2k938$3ih$[EMAIL PROTECTED]">news:a2k938$3ih$[EMAIL PROTECTED]... > So, we're all set to have a firewall, SSL connections and a good secure > OS solution. > > However, somebody is convinced we need to issue and manage our own > public keys. The managing is fine, Apache will do that. If we were not > doing this commercially the issuing would be fine to, just use PGP. > > However, this is a commercial web site. So, what is the best option? [...] > Any suggestions welcome!
You can't beat free: http://www.openssl.org Of course, it takes a fair bit of work to understand it, but it does provide PKI functions for signing x.509 certificates, which are what are used for SSL and S/MIME encryption. I think to have your "issuing" certificate be tied in to a "root" CA, you'll need to purchace such an "intermediate" lisence from verisign or another "Root" CA, which may be what costs. But barring that, I think openssl is a good choice. Regards, Sam
