Hi Damian, This won't be possible. The Verisign certificate in your MS browser is a public root certificate, and you would need the corresponding private key to sign any certificates. Do not expect Verisign to hand over this private key to you!
What you could do is to place your own public root certificate on your home page. Visitors will then have the opportunity to download and install it. After this has been done, the pop-up will not appear again. An alternative would be to turn to a cheaper CA like Thawte. At my company, we only use Thawte certificate now (about 50 of them). Standard price for a 128 bit Thawte certificate is only $300. And they're as good and as well accepted as Verisign certificates. Their service is better. And if you have more than, say, 3 certificates, it makes sense to join their Starter-PKI program, which makes obtaining certificates much easier and which saves you even more bucks. Best regards, Huibert Quoting [EMAIL PROTECTED]: > I'm rather new to the SSL world, but I have a simple issue. I paid big $$$ > to Verisign for a Certificate for my web server. It seems to me that the > only reason I had to pay big $$$ is because Microsoft lists Verisign as a > Trusted CA. Since Microsoft won't list me as a trusted CA, can I do the > following???? > > Issue an openSSL certificate to another server, from the server where I > installed the expensive Verisign certificate??? > > My hope is that the certificate I issue will establish a chain of trust > back > to verisign, thus, users won't get that silly popup window in their > browsers > saying the site is dangerous, etc etc. I don't think my certificate is > dangerous just because I have not paid Microsoft massive amounts of money > to > consider me a CA. Is their any way to do this? Thanks. > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
