
Sunday, November 23, 2003

CACert.org is a public Certificate Authority (CA). For non-admin types, this is a self-proclaimed issuer of free SSL certificates.

Is it worth anything? Like a lot of other things on the Internet, the answer is "it depends". It depends on how well people trust the site and use it. Note: You don't have to use Verisign, you can issue your own certificates. Verisign's strength is that, by way of government sponsorship, the majority of users "trust" it as a CA.

Update: For those that are interested in rolling your own, check out the "OpenSSL Certificate Cookbook".

[joatBlog]

The majority of users trust Verisign as a CA because they don't get any scary certificate warnings when they browse to a site that is protected by an SSL certificate issued by Verisign. This has more to do with the fact that the major browser vendors include Verisign as a trusted CA by default.

UPDATE: Just saw Dana's post about this topic. A lot more info and definitely worth a read.
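
The point above, that a certificate is accepted because its issuing CA sits in the client's trust store, can be reproduced with the openssl command line. This is an added example, not part of the original post; the CA name and host name are made up, and it assumes the openssl CLI is installed.

```shell
#!/bin/sh
# Constructed demo: "Demo Private CA" and "www.example.test" are invented names.
# The same leaf certificate is rejected or accepted depending only on whether
# its issuing CA is present in the verifier's trust store.

demo_dir=$(mktemp -d)

make_ca_and_leaf() {
    # 1. A self-signed root: this is all "being your own CA" takes.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Demo Private CA" \
        -keyout "$demo_dir/ca.key" -out "$demo_dir/ca.pem" 2>/dev/null
    # 2. A key and signing request for the site certificate.
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=www.example.test" \
        -keyout "$demo_dir/leaf.key" -out "$demo_dir/leaf.csr" 2>/dev/null
    # 3. The private CA signs the request.
    openssl x509 -req -in "$demo_dir/leaf.csr" -days 30 \
        -CA "$demo_dir/ca.pem" -CAkey "$demo_dir/ca.key" -CAcreateserial \
        -out "$demo_dir/leaf.pem" 2>/dev/null
}

# Verify against the default trust store only (the "fresh browser" case).
# Checks for the ": OK" line rather than the exit code, which older
# openssl releases did not set reliably.
verify_default_store() {
    openssl verify "$demo_dir/leaf.pem" 2>&1 | grep -q ': OK$'
}

# Verify again after explicitly adding the private CA as a trust anchor.
verify_with_demo_ca() {
    openssl verify -CAfile "$demo_dir/ca.pem" "$demo_dir/leaf.pem" 2>&1 \
        | grep -q ': OK$'
}

make_ca_and_leaf
if verify_default_store; then echo "default store:        trusted"
else                          echo "default store:        NOT trusted"; fi
if verify_with_demo_ca;  then echo "store + Demo CA root: trusted"
else                          echo "store + Demo CA root: NOT trusted"; fi
```

Nothing about the certificate changes between the two checks; only the list of trust anchors does.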


11/23/2003 1:17 PM Eastern Standard Time
Sunday, May 8, 2005 12:06:54 AM (Eastern Daylight Time, UTC-04:00)
What Dana fails to mention is most of the commercial CAs paid up to US$250,000 to be included and had some fancy documentation written up, this doesn't make them trustworthy, just has a bigger bank account...
Duane