F
Frankie
I just read the following on the Web site of a company selling SSL
certificates:
<< When the SSL handshake occurs, the browser verifies that the server
certificate was issued by a trusted CA. If the CA is not trusted, a warning
will appear. >>
This implies that browsers have some way to verify that a server certificate
was issued by a trusted certificate authority (CA).
My question:
I have my own Windows Server 2003 server that I can set up as a certificate
authority (CA) - and I can create my own server certificates for use on a
Web Server on the Internet. If I do this - then will browsers conclude that
the CA is not trusted because I'm not on some list of CAs that the browsers
can verify against? Basically I just want to know if I can create my own SSL
certificate for use on the Internet or if I really need to buy one from some
well-known company.
Thanks!
certificates:
<< When the SSL handshake occurs, the browser verifies that the server
certificate was issued by a trusted CA. If the CA is not trusted, a warning
will appear. >>
This implies that browsers have some way to verify that a server certificate
was issued by a trusted certificate authority (CA).
My question:
I have my own Windows Server 2003 server that I can set up as a certificate
authority (CA) - and I can create my own server certificates for use on a
Web Server on the Internet. If I do this - then will browsers conclude that
the CA is not trusted because I'm not on some list of CAs that the browsers
can verify against? Basically I just want to know if I can create my own SSL
certificate for use on the Internet or if I really need to buy one from some
well-known company.
Thanks!