> And you wouldn't have to do that if you issued your own?
Yes, you would. That's why I said you 'may as well use your
own'. The advantage there being that you don't have to fiddle
around with your server setup every 14 days to install a
new cert (actually this was primarily an issue for me when
developing on NES, as that completely refused to start when
it had a cert is out of date IIRC. I started using my own CA
for testing and non-general-public uses before I started
using apache & mod_ssl so I don't know how it behaves).
> Actually, if you think about it, whether you use your own
> self signed CA or
> a test ID from Verisign, and don't install the 'test' root
> CA, the end user
> still gets the same error message, something about the issuer
> not being
> trusted...
There's nothing inherently wrong with using Verisign test
certs. I've just found the time limit annoying. For
non-general-public uses (ie where you do have real users)
I think the "Do Not Trust" nature of the Verisign test
root cert may raise a few eyebrows, where a CA created
by your own company may not (as you are already likely
to have an existing business relationship with such
users). For general-public uses you more or less need
a commercial cert if you don't want to scare people
off.
--
Paul McGarry mailto:[EMAIL PROTECTED]
Systems Integrator http://www.opentec.com.au
Opentec Pty Ltd http://www.iebusiness.com.au
6 Lyon Park Road Phone: (02) 9878 1744
North Ryde NSW 2113 Fax: (02) 9878 1755
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]