FYI for list users, we to have searched long and hard
for the steps to be a "bundled root CA"
No one seems to be able to give us an answer at Microsoft,
nor locate an accurate URL, guess that is no suprise.
The best we got from Netscape was this URL
http://home.netscape.com/security/caprogram/index.html
" This program is open to certificate authorities that bundle their root
public keys with Netscape Communicator. For more information on joining
the program, email the program administrator.
mailto:[EMAIL PROTECTED] "
We tried email to this email address and got no response, no surprise.
WE did get a better response from Opera:
----- Forwarded message from "Yngve N. Pettersen" <[EMAIL PROTECTED]> -----
Subject: Re: certificate of authority
Our general procedure is that we need official documents that confirms
that the Certificate Authority exists, such as authorized copies of
company registration papers and the company's Annual Report (in english
translation if necessary). We would also like an estimate of the number of
customers and sales revenue. Domain name registration papers are also
useful.
Of course, we will also need the certificate(s) in X509 DER format,
confirmation of the signature(s) , and access to testfacilities where the
certificates can be tested.
We are considering to set up a general contract which will be free of
cost, but have not done so yet. If you instead would like to have a
special contract we have decided to charge for the cost of negotiating the
contract, and the installation and testing of the certificates (prices
have not yet been set).
------------------------------------------
I think that it would be a good to have a section on "bundled root CA"
for Simos' bookon openpki http://ospkibook.sourceforge.net
If anyone else out there has some more information on this please
send it to the list. I suspect like ourselves others have wasted effort
with Netscape and MSIE trying to determine their process for picking
root CAs that they bundle.
Right now the only "easy" way to be root ca I think is to
pay for being a Chained CA Serverce from Thawte or Verisign (same company)
but you gotta adhere to a lot of rules and use approved software only
and I'm not sure openssl compiled by self will be acceptable....
Of course for an enterprise that is afraid of opensource they
could go the MS solution, I for one do not want this to be the only option
for us in the future.......
Microsoft Windows 2000 will ship with an integrated public key
infrastructure and CertSrv 2.0, which will have a more complete user
interface, built-in support for CA hierarchies, and additional
capabilities such as a time-stamping server.
On Mon, 24 Jul 2000, Simos Xenitellis wrote:
> For certificates you buy, the "root certificate" is already there
> in your browser so your client can connect with SSL transparently.
>
> I heard that putting your root certificate in a browser costs
> a lot lot of money. Can someone verify/provide links on this procedure?
> simos
> http://ospkibook.sourceforge.net (new version out, 2.4.7)
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
