Server certificates

[Marvin Bellamy]

You can use keytool to generate your own certificate.  You won't have 
verisign in your keychain to verify who you are, but if the browser just 
accepts the cert, the session will work.  That's what's so lame about 
CAs.  They get $$$/year just to vouche (sp) for you and most of the time 
all they do is call the number you give them and ask for the company 
name!  The price of these damned things really is prohibitive for 
smaller sites running securely.  

Brian Densmore wrote:

>>Getting one for cheap isn't the problem.  It's getting one for cheap 
>>from a certificate authority who's in the trust store of the 
>>application 
>>you want to use.  i.e. I can become a certificate authority 
>>myself and 
>>give you one for free, but browsers would bitch-slap you on the 
>>
>Yes, but I don't mind that, as long as I can make them import the root
>cert.
>
>>handshake.  What sort of an application are you designing?
>>
>I just want to create secure services on my web server for people I give
>accounts/
>virtual domains to.
>
>I am also hosting, a non-profit site and would like to add others, but
>I'm not about
>to fork out $300-$3000 a year for a stupid 128bit 1024 character
>encrypted key.
>That a ____ sham and joke!
>
>I figured since this was a Free (as in speech) oriented system, there
>might be some
>group not trying to squeeze the world for hard-won cash for something
>that is so
>basic to the future of the internet. I foresee a future where server
>certs are a
>prerequisite for websites.
>
>It looks as though other countries [or at least Germany] are making it a
>national 
>government controlled issue.
>
>Brian
>
>
>