This should be more widely understood: an application considers a CA
trusted because some human told it so. There is no other way.
The recognized CAs are trusted by e.g. your browser because the
maker of the browser decided to trust them and so put them into the
list of trusted CAs that is
Thanks Mark, that was an extremely helpful explanation. When I asked
this question I was hoping to learn if CA certs are self-signed or if
there is some other procedure to authenticate a CA cert as being
legitimate. From your explanation it sounds like all CA certs are
generated by the CA
Of Dallas Clement
Sent: Friday, May 28, 2010 8:05 PM
To: openssl-users@openssl.org
Subject: How to make a legit CA cert?
This is probably a dumb question, but if I wanted to become the next
Verisign of this world, how do I create a legitimate CA cert? I'd
like to be able to create my own
On 28-May-10, at 8:04 PM, Dallas Clement wrote:
This is probably a dumb question, but if I wanted to become the next
Verisign of this world, how do I create a legitimate CA cert? I'd
like to be able to create my own that passes verification without
throwing errors, like unknown CA.
Well,
As somebody who audits CAs for purpose of them getting into trusted root
list, this is what you have to do:
a) Obtain WebTrust for certification authorities or ETSI 101 456 standard (+
EV guidelines from cabforum.org)
b) Implement systems in line with one of these standards. Not cheap. HSM
devices
Thanks all for the information. This is good stuff to know too. What
I was really trying to understand is the nuts-n-bolts mechanics of how
a legit CA certificate differs from a self-created one (I know, this
is a dumb question...)
For example, I can create my own for test purposes this way:
on behalf of Dallas Clement
Sent: Sat 5/29/2010 5:49 AM
To: openssl-users@openssl.org
Subject: Re: How to make a legit CA cert?
Thanks all for the information. This is good stuff to know too. What
I was really trying to understand is the nuts-n-bolts mechanics of how
a legit CA certificate
On Saturday 29 May 2010 12:02:44 a list member wrote:
As somebody who audits CAs for purpose of them getting into trusted root
list, this is what you have to do:
a) Obtain WebTrust for certification authorities or ETSI 101 456 standard
(+ EV guidelines from cabforum.org)
b) Implement systems
This is probably a dumb question, but if I wanted to become the next
Verisign of this world, how do I create a legitimate CA cert? I'd
like to be able to create my own that passes verification without
throwing errors, like unknown CA.
Thanks,
Dallas
5/28/2010 5:04 PM
To: openssl-users@openssl.org
Subject: How to make a legit CA cert?
This is probably a dumb question, but if I wanted to become the next
Verisign of this world, how do I create a legitimate CA cert? I'd
like to be able to create my own that passes verification without
throwing