On Saturday 29 May 2010 12:02:44 a list member wrote: > As somebody who audits CAs for purpose of them getting into trusted root > list, this is what you have to do: > a) Obtain WebTrust for certification authorities or ETSI 101 456 standard > (+ EV guidelines from cabforum.org) > b) Implement systems in line with one of these standards. Not cheap. HSM > devices alone cost $10k & upwards.
...deleted the stuff where it gets even more expensive... or just buy a FIPS 140-2 level 3 capable HSM from eBay for $100, forget all about audits, if you don't really need them. Write and publish your own CPS and follow the rules you see fit My CPS is at http://www.raapr.org/ca/ Ask the users that need to trust your CA to install the Root CA certificate to their browsers (all of users and each browser they use) and enjoy... just to give an alternative angle ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
