I'm sorry if I posted to the wrong mail list... I know you provide help for OpenSSL and not CA help, but after four days of searching the web (I'm new to SSL) I felt your site was my best option.
First, I fully agree with you!!! For public transactions a common trust is imperative!!! I should have been clearer in my question. But, when you don't understand something well it's hard to formulate a proper question.

Allow me to further explain my needs and why I felt a private CA was the proper solution for me (perhaps it isn't).

I am trying to provide private company sensitive information to our "off-site" technicians and sales people. The information is to be presented via http (preferably https) to simplify the access and to keep it private. It's nothing secret but not anyone else's business, either.

I was wishing to provide my own CA, because I trust myself and so will our off-site staff. I/we are not dealing with the general public, so, I do not (feel) I require the extra level of trust that would be provided by a public CA (VeriSign, Equifax, etc.).

I chose SSL because it seems to be an inexpensive, quick, simple and secure method in place of RAS, VPN or ssh. At least for my needs.

Perhaps, I am using SSL incorrectly by trying to use my own (private) CA? Am I setting myself up for disaster?? Is there a better solution?!?

Again, I appreciate all (any) responses.

Thanks,
Bert Woods

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of David Schwartz
Sent: Monday, February 04, 2002 4:03 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: Can I be my own CA?

On Mon, 4 Feb 2002 12:58:53 -0500, bjw wrote:

>Hi again,
>
>I have a second question...
>
>Can I host my own CA? Say on a Linux box (I think I can do it on NT, but I'd
>rather not!)
>
>What are the drawbacks to being my own CA (if it can be done)? I am not
>currently providing e-commerce but I would like to have my web based data
>encrypted, but don't wish to shell out $250 (at this time) for a VeriSign
>approved CA.
>
>Thanks again for any (and all) responses!!!

How will people know you are you? Well, you'll present them a certificate.
But how will they know that certificate belongs to you? What you are paying VeriSign $250 for is to put their stamp on your claim that you are who you say you are. Without it, how could you possibly provide such an assurance?

I'd be happy to take your word that you are who you say you are, if only I could be sure it was *your* word. That is the assurance that VeriSign provides. I already trust that if VeriSign says you are you, then you are.

DS

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
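
Added example, not part of the original thread and not the OpenSSL project's own material: the exchange above turns on whether a client has a reason to trust the signer, and the `openssl` command line shows that directly for a private CA. It assumes OpenSSL 1.1.1 or later on the PATH; the organisation name, host name and helper function names are constructed for illustration.

```shell
# Constructed names throughout: Example Co, intranet.example.internal.
build_private_ca() {            # $1 = directory to hold the CA and one server cert
    dir=$1
    mkdir -p "$dir" || return 1
    cat > "$dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
O = Example Co
CN = Example Private CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:intranet.example.internal\n' \
        > "$dir/server.ext"
    # Self-signed root: the private CA itself. ca.key stays on this machine.
    openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 365 \
        -config "$dir/ca.cnf" -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
    # Server key and certificate signing request.
    openssl req -new -newkey rsa:2048 -nodes -sha256 -config "$dir/ca.cnf" \
        -subj "/O=Example Co/CN=intranet.example.internal" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null || return 1
    # The private CA puts its own stamp on the server's claim.
    openssl x509 -req -sha256 -days 90 -in "$dir/server.csr" \
        -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/server.ext" -out "$dir/server.pem" 2>/dev/null
}

# Succeeds only if certificate $2 chains to the root in file $1.
chains_to() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# What a client that never installed ca.pem sees: the system trust store only.
trusted_by_default() { openssl verify "$1" >/dev/null 2>&1; }

# SHA-256 fingerprint of a root, to give staff over a channel they already
# trust so they can check ca.pem before installing it.
ca_fingerprint() { openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2; }

work=$(mktemp -d)
build_private_ca "$work/real" && build_private_ca "$work/fake" || exit 1
chains_to "$work/real/ca.pem" "$work/real/server.pem" && echo "root installed: accepted"
trusted_by_default "$work/real/server.pem" || echo "root not installed: rejected"
chains_to "$work/real/ca.pem" "$work/fake/server.pem" || echo "same-named other CA: rejected"
echo "fingerprint to hand to staff: $(ca_fingerprint "$work/real/ca.pem")"
```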