[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

X.509 Certs For Personal Use - Follow Up

Subject: X.509 Certs For Personal Use - Follow Up
From: bicknell at ufp.org (Leo Bicknell)
Date: Mon, 20 Feb 2012 06:57:16 -0800
In-reply-to: <[email protected]>
References: <[email protected]>

I received a number of interesting replies, most off-list, so I thought
I would summarize and perhaps restart the discussion.

Many folks pushed the "run your own CA" idea.  While I get that works,
and even secures the communication, if you run a web site accessed by
random folks it will confuse some percentage of them.

StartCom (www.startssl.com) seems to be the only 100% free option, with
a few limitations.  You must own your own domain (for instance they
validate your e-mail based on the ones listed in whois), and the certs
have the Organization set to "Persona not validated".  This doesn't
prevent the certs from working fine and "locking the padlock", but if
someone looks at it may raise an eyebrow.  Still, it's free, you can
generate a personal cert for e-mail and certs for web, smtps, jabber,
etc.  Multiple certs are no problem.  For 100% free, it's the only
option anyone has mentioned.

References:
- X.509 Certs For Personal Use
  - From: bicknell at ufp.org (Leo Bicknell)

Prev by Date: Common operational misconceptions
Next by Date: WW: Colo Vending Machine
Previous by thread: X.509 Certs For Personal Use
Next by thread: NANOG Digest, Vol 49, Issue 84
Index(es):
- Date
- Thread