I'm not 100% sure, but I think that you can just get your CA cert signed by verisign, or thawte, or whoever... But you have to have it signed as a CA... Which they're probably loath to do, as each one that you sign is $249 out of their pocket (as they see it)
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Nick Temple Sent: Monday, October 29, 2001 04:55 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; modssl-users Subject: Re: interoperability Absolutely. You have to have your root cert signed by their root key, so the chain can be verified. This is pretty much what PKI is all about. Thawte (http://www.thawte.com) used to have information on their website about to do just that. However, I can't seem to find it (things changed when Verisign purchased them :-<). Does anyone have specific URL's about this? Nick *********** REPLY SEPARATOR *********** On 10/29/2001 at 3:02 PM Juan Carlos Albores Aguilar wrote: >is the following possible?? if so, could you explain me how or point me >documentation about it??. >I create end-user certificates and sign them by my own CA, this kind of >PKI is working on a apache+openssl+modssl system and i would like to make >this certificates to be accepted to other CA's, in somehow, to >interoperate with other certificates or higher, that my CA interoperates >with other CA's. I understan that we're working with X.509 certificates so >the "fields thing" cannot change but i'm talking about when other CA has >the same structure for its certificates and i want to take its >certificates as mine or viceversa, let's say, Verisign certificates, is it >technically possible that its certificates and ours could interoperate?? >or maybe with DoD certificates??. Of course it has to be an agreement and >all those, i repeate, technically. > >Any comments or directions will help so please comment, thanks. > >Juan Carlos Albores Aguilar > > >_________________________________________________________ >Do You Yahoo!? >Get your free @yahoo.com address at http://mail.yahoo.com > >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List [EMAIL PROTECTED] >Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
