Paul, > I want to become my own Certificate Authority! > (I didn't use openca but want to know if it works for me before > installing)! I own two openbsd webservers (with apache2) where I need a > certificate for one of my customers! I can sign my own certificates and > inport them into Apache but in netscape and IE it tells me, this ca is not > trusted and users have to klick ok or install my ca-cert! Do I have to buy > one of those certs from verysign and the like or can I do this with openca? >
OpenCA can sign web server certs, this is not a problem at all. Your problem is that you want browsers to trust the web server certs you sign. Browsers have a list of root authority certs that they trust by default (in IE look in Tools, Internet Options, Content, Certificates, Trusted Root Certification Authorities for a list of trusted root certs). You have two main options: 1. Buy a web server cert from an authority your users trust (Verisign, etc), easy at about �100. 2. Get you users to trust your certificate authority (i.e. add in the trusted root cert to all of your users browsers (this could be a big old process unless you have managed desktops and then you can just blat them a file.....) I hope this helps you. Chris... ------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01 _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
