> The problem is that Microsoft Internet Explorer and Netscape now are serious about the Root Trust Authorities. ...
I'm not sure what you mean by "serious about the Root Trust Authorities" but I tested the SSL client authentication on several computers, both inside and outside our LAN with both Internet Explorer 6 and Firefox 1.0.x and it works for me. If you don't use a trusted certificate, the "only practical" issue (see my PS for a security issue) is that the user trying to connect to that web site will be prompted by a message saying that the certificate does not come from a trusted root, and asking you whether you want to have a look at the information provided with the certificate and whether you want to accept it.

Regards,
Gaël

PS: when you use self-signed certificates, there is also a security risk, i.e. the risk of what is called a man-in-the-middle attack: an attacker could send the client his own self-signed certificate which has the same name as that in the server's self-signed certificate. The attacker then connects to the real server himself. When the client sends data to the server the attacker reads it and then sends it along to the real server.
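
A client can guard against the scenario in the PS by comparing the fingerprint of the certificate it is shown with a value obtained from the server's administrator out of band, instead of relying on the name. The following is an added example, not part of the original message; the function names and the byte strings standing in for certificates are constructed for illustration.

```python
import hashlib
import hmac
import socket
import ssl

class PinMismatch(Exception):
    """The presented certificate is not the one that was pinned."""

def fingerprint(der: bytes) -> str:
    # SHA-256 over the whole DER encoding covers the public key, not just the name.
    return hashlib.sha256(der).hexdigest()

def matches_pin(der: bytes, pinned_hex: str) -> bool:
    # Accept "AA:BB:..." or "aabb..." as displayed by browsers and openssl.
    normalized = pinned_hex.replace(":", "").lower()
    return hmac.compare_digest(fingerprint(der), normalized)

def open_pinned(host: str, pinned_hex: str, port: int = 443, timeout: float = 5.0):
    """Return a TLS socket only if the server's certificate matches the pin."""
    ctx = ssl.create_default_context()
    # A self-signed certificate cannot chain to a trusted root, so chain
    # validation is switched off here and replaced by the fingerprint check.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    sock = socket.create_connection((host, port), timeout=timeout)
    try:
        tls = ctx.wrap_socket(sock, server_hostname=host)
    except Exception:
        sock.close()
        raise
    # Check the pin before any application data is written to the socket.
    if not matches_pin(tls.getpeercert(binary_form=True), pinned_hex):
        tls.close()
        raise PinMismatch(f"{host}: certificate fingerprint differs from the pinned value")
    return tls

# Constructed stand-ins for two DER-encoded self-signed certificates that
# carry the same subject name but different keys (not real certificates).
SERVER_CERT = b"CN=www.example.test|key=server-public-key"
ATTACKER_CERT = b"CN=www.example.test|key=attacker-public-key"

# The value the administrator would hand to users by a separate channel.
PINNED = fingerprint(SERVER_CERT)

if __name__ == "__main__":
    print("server cert accepted:  ", matches_pin(SERVER_CERT, PINNED))
    print("attacker cert accepted:", matches_pin(ATTACKER_CERT, PINNED))
```

The same comparison is what a user does by hand when checking the fingerprint shown in the browser's certificate dialog against one supplied by the site's administrator.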