[ILUG] Re: summary ? - SSL certs on clusters
Colm Buckley
colm at google.com
Fri Jan 9 16:29:23 GMT 2004
> just curious, but is SSL not hierarchical? Ie you can buy some kind
> of cert, signed by $CA and then create your own certs, signing them
> with your $CA signed cert?
Yes, this works in theory, but as CA certs recognised by the main
browsers are effectively a license to print money, the certs you get
from the existing recognised CAs have the "can be used to sign other
certificates" bit disabled. It's an oligopoly-protection mechanism.
You *can* buy certs which can be used to sign other certs, but they are
*very* expensive - hundreds of thousands of euro.
Colm
--
Colm Buckley / colm at google.com / +353 87 2469146
More information about the ILUG
mailing list