ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

Main Area and Open Discussion > Living Room

The SSL certificate industry is a messy business

<< < (2/6) > >>

I know it's free, but why go through the trouble of having your certificate signed by cacert, when it still won't get you rid of the anoying browser warnings?

I also would like to learn more about this.  We tried creating one of those "free" certificates and now we have two certificate verifications to do.  <sigh>

I decided for myself the trouble was worth it. In my case the decision was easy: either pay and have less hassle, or have "trouble" and pay less. Since I don't like to pay for stuff I can get for free, I decided to not pay. Likewise, I'd be unwilling to pay for software, operating systems or email services.

And I installed cacert's root certificate into my webbrowser, so I don't get as many warnings.

cacert's competitors are fighting very hard to keep cacert's root certificate excluded from software (i.e. firefox' built-in security token): their business relies on this.

I don't trust verisign more because they charge more; given their history with what they did to DNS, I am inclined to trust them less. Lucky for us all, there are many other CAs out there, many of which have their root certificates built into software packages, so one can get an easy to use certificate without paying too much.

I'd suggest dropping one certificate if having two is a problem. :)

housetier: I think the question being asked is "why use cacert instead of a self-signed certificate, when cacert's root cert isn't included with browsers?".

Using cacert as CA

* is convenient for me, because I don't have to set up my own CA
* is convenient for some visitors, because I know some of them will already have imported their root cert
* makes no difference on the trust scale
Yeah that's much better than what I originally came up with :)


[0] Message Index

[#] Next page

[*] Previous page

Go to full version