verisign certificate

Hello

I wanted to buy certificate to make my own CA and sign my own certyficates
(for my use only).

Can i buy a "normal" certificate in verisign and use it later as my CA
certificate ?
Do you know what might be the price ?

Thanx

On Oct 25, 6:31 am, vertigo <tekn...@poczta.onet.pl> wrote:

> I wanted to buy certificate to make my own CA and sign my own certyficates
> (for my use only).

Okay.

> Can i buy a "normal" certificate in verisign and use it later as my CA
> certificate ?

No.

> Do you know what might be the price ?

I think Microsoft will include your certificate on its list of trusted
roots for around $5 million. You also need document your policies and
practices. I don't know that you actually need to give Microsoft the
$5 million. It may just be required to be posted as insurance against
a breach of your own policies or practices.

DS

vertigo <teknet7@poczta.onet.pl> wrote in news:op.t0q86c1umv59ja@pluton:

> Hello
>
> I wanted to buy certificate to make my own CA and sign my own
> certyficates (for my use only).
>
> Can i buy a "normal" certificate in verisign and use it later as my CA
> certificate ?
> Do you know what might be the price ?
>
> Thanx
>

Why would you buy a certificate if you want to make your own. Seems like a
waste of money. Just go ahead and make your own. If you set up a server
certificate which is not issued by an authority known to the browser, then
the browser will ask the user if they will accept the server cert as being
valid.

>
>> Hello
>>
>> I wanted to buy certificate to make my own CA and sign my own
>> certyficates (for my use only).
>>
>> Can i buy a "normal" certificate in verisign and use it later as my CA
>> certificate ?
>> Do you know what might be the price ?
>>
>> Thanx
>>
>
> Why would you buy a certificate if you want to make your own. Seems like
> a
> waste of money. Just go ahead and make your own. If you set up a server
> certificate which is not issued by an authority known to the browser,
> then
> the browser will ask the user if they will accept the server cert as
> being
> valid.
>


We do not want to have self signed certificate anymore because they could
not be trusted
(anybody can create such certificate).

I want to have 10 valid certificates. I want to be sure that our clients
around the
world will not be asked about untrusted certificate.
I fought it would be cheaper to buy one certificate for my CA than 10
certificates
for each server.

On Mon, 29 Oct 2007 14:48:32 +0100, vertigo wrote:

> I want to have 10 valid certificates. I want to be sure that our clients
> around the
> world will not be asked about untrusted certificate. I fought it would
> be cheaper to buy one certificate for my CA than 10 certificates
> for each server.

You cannot do this. Each certificate is specific to the hostname of the
server where it resides. Specifically, the certificate is assurance that
the server is the one which it claims to be.

On Oct 29, 6:48 am, vertigo <tekn...@poczta.onet.pl> wrote:

> We do not want to have self signed certificate anymore because they could
> not be trusted
> (anybody can create such certificate).
>
> I want to have 10 valid certificates. I want to be sure that our clients
> around the
> world will not be asked about untrusted certificate.
> I fought it would be cheaper to buy one certificate for my CA than 10
> certificates
> for each server.

You may be able to save money one of two ways:

1) You may be able to obtain a "wildcard" certificate. If all the
servers are in the same domain, a "*.domain.com" certificate could be
used on all the servers. This has some security disadvantages.

2) You may be able to obtain multiple certificates in the same domain
at a discounted price. Once you prove you own "domain.com", you may be
able to use an expedited web interface at a fixed price to assign new,
unique certificates for multiple hosts inside that domain as needed.

However, since real certificates are available for around $20 these
days, just buying ten at that price may be the best deal.

DS

>> I want to have 10 valid certificates. I want to be sure that our clients
>> around the
>> world will not be asked about untrusted certificate. I fought it would
>> be cheaper to buy one certificate for my CA than 10 certificates
>> for each server.
>
> You cannot do this. Each certificate is specific to the hostname of the
> server where it resides. Specifically, the certificate is assurance that
> the server is the one which it claims to be.

Why ? I could buy one certificate which will be used for my CA.
Then i would be able to create as many certificates as i want using my CA.

On Oct 30, 6:10 am, vertigo <tekn...@poczta.onet.pl> wrote:

> > You cannot do this. Each certificate is specific to the hostname of the
> > server where it resides. Specifically, the certificate is assurance that
> > the server is the one which it claims to be.

> Why ? I could buy one certificate which will be used for my CA.

You can't because, as it says above, each certificate is specific to
the hostname of the server where it resides.

> Then i would be able to create as many certificates as i want using my CA.

And what would stop you from issuing a "www.microsoft.com" or
"www.amazon.com" certificate and loading malicious code onto people's
computers or stealing their credit card numbers? You cannot just
become a CA by sending $20 to someone.

DS