On 2014-10-10 at 18:05 -0500, Lawrence K. Chen, P.Eng. wrote: > These things are starting to appear everywhere.... > > I vaguely recall hearing of one group looking at getting our own intermediate > CA. > > Searching came up with this: http://www.startssl.com/?app=5
Too late to start that now: CAs are shutting down those programs because the browser maintainers have pushed back harder. Unless you're prepared to go through all the steps that a public CA goes through, in terms of process controls and other security practices, and you're prepared to pay for auditors to audit how you run this side of things, a CA which issues an intermediate cert to you is at risk of getting pulled from the browser default trust stores. See, eg, https://wiki.mozilla.org/CA:CertificatePolicyV2.1 for how things are firming up. _______________________________________________ Discuss mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/
