[ic] Recommendation for CA to issue Certs.

Jonathan Clark interchange-users@interchange.redhat.com
Wed Feb 20 17:53:00 2002


Hi.

> I'm sick of Thawte, so if I must go for individual certs, any
> recommendations on a CA in general as long as it isn't Versign or Thawte?
>

We use OpenSRS for domain names, and they sell 'tokens' to use to buy
Entrust certs. Entrust also seem to have a good validation process using
Dunn & Bradstreet. Cert costs $99, no wildcards though. To get an OpenSRS
account you have to go through a couple of hours of 'practice' on their
systems, and there is an initial minimum account balance.

> Lastly, what are the major drawbacks of just creating self-signed certs?

There are two important aspects to an ssl connection: one is security and
the other is independant verification of validity of the server/organisation
you are connecting to. If you are using the cert for ecommerce then both are
equally important, imho.

Jonathan
Webmaint.