[Discuss] ssl certs

Edward Ned Harvey blu at nedharvey.com
Mon Apr 2 10:45:25 EDT 2012


> From: discuss-bounces+blu=nedharvey.com at blu.org [mailto:discuss-
> bounces+blu=nedharvey.com at blu.org] On Behalf Of Jack Coats
> 
> You might check to see if you could get a cert from cacert.org
> 
> You can find people in your area that could generate a cert for you.
> 
> At one time I thought CACERT finally made it into the big time of cert
> authorities so their certs should be valid everywhere now.

So... The list of trusted root authorities varies from client to client.  If
you were being really diligent (unrealistically) you would gather all the
lists of trusted roots from all the clients you care about, and then find
the intersection of them all, and choose one of the CAs that meets your
needs.  But in reality, you're just going to pick one without doing all that
OCD diligence.  Maybe you'll look at *one* client list, as a starting point.

At least in Windows Chrome, CACert is not one of them.  Unless, perhaps,
they sign under some other name.  For example, StartSSL signs under the name
StartCom.  Verisign = Verisign.  Godaddy = Godaddy.  Thawte = Thawte.  For the
most part, it's pretty easy to find a specific CA based on the name of their
CA trusted root cert.  I don't see anything that seems suspiciously similar
to CACert.
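
The trust-store intersection described in this message, as an added example that is not part of the original post: it fingerprints every certificate in each client's exported PEM bundle and reports which roots all clients share and which clients lack each root. The client names, the "# label" comment convention and the certificate bodies are constructed placeholders, not real CA certificates.

```python
import base64
import hashlib

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"

def load_store(pem_bundle):
    """Parse a PEM bundle into {sha256(DER) hex: label}.
    Assumption: a '# label' comment line precedes each certificate."""
    store, label, body = {}, None, None
    for line in pem_bundle.splitlines():
        line = line.strip()
        if line.startswith("#"):
            label = line.lstrip("# ")
        elif line == BEGIN:
            body = []
        elif line == END and body is not None:
            der = base64.b64decode("".join(body))
            store[hashlib.sha256(der).hexdigest()] = label or "(unlabelled)"
            label, body = None, None
        elif body is not None:
            body.append(line)
    return store

def common_roots(stores):
    """Labels of roots present, as the exact same certificate, in every store."""
    shared = set.intersection(*(set(s) for s in stores.values()))
    first = next(iter(stores.values()))
    return sorted(first[fp] for fp in shared)

def gaps(stores):
    """Map each root label to the clients that do NOT trust it."""
    labels = {fp: lbl for s in stores.values() for fp, lbl in s.items()}
    return {lbl: sorted(c for c, s in stores.items() if fp not in s)
            for fp, lbl in labels.items()}

def _fake_pem(label, blob):
    # Constructed stand-in for a certificate: arbitrary bytes, PEM-armoured.
    b64 = base64.b64encode(blob).decode()
    return f"# {label}\n{BEGIN}\n{b64}\n{END}\n"

# Constructed sample bundles for three hypothetical clients.
A, B, C = (_fake_pem(f"Example Root {n}", f"constructed-der-{n}".encode())
           for n in "ABC")
STORES = {"client_one": load_store(A + B + C),
          "client_two": load_store(A + B),
          "client_three": load_store(A + C)}

if __name__ == "__main__":
    print("trusted everywhere:", common_roots(STORES))
    for root, missing in sorted(gaps(STORES).items()):
        print(f"{root}: missing from {missing or 'no client'}")
```

Matching is by fingerprint of the whole certificate, so a CA that ships a re-issued root under the same name in one client will show up as a gap rather than a match.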



