Maik Wiege <mswiege*nospam*@gmx.de> writes:
> Is there a table or some kind of overview of the certification
> authorities that are preinstalled in all browsers? There are so
> many available and of course I want to sign my certificate by a CA
> that is preinstalled in as many browsers as possible, otherwise I could
> sign it by myself. :-) And I could that way do some price
> comparison.

here is an old look we did some time ago on the subject:
http://www.garlic.com/~lynn/aepay4.htm#comcert14 Merchant Comfort Certificates
http://www.garlic.com/~lynn/aepay4.htm#comcert16 Merchant Comfort Certificates

we were asked to consult with this small client/server startup in
menlo park on doing payment transactions and something called a
payment gateway. in the year we worked with them, they moved from
menlo park to mountain view and changed their name from mosaic to
netscape ... and the work is frequently now called e-commerce
http://www.garlic.com/~lynn/aadsm5.htm#asrn2
http://www.garlic.com/~lynn/aadsm5.htm#asrn3

as part of the effort, we had to go around and sort of audit several
of the major organizations issuing these things called ssl domain name
certificates.
http://www.garlic.com/~lynn/subpubkey.html#sslcert

the basic technology is that public keys are filed in trusted public
key repositories. in infrastructures like pgp ... this frequently is
done by individuals with respect to other individuals they know.

in the case of the SSL domain name certificates ... certification
authority root public keys were pre-installed into a trusted public key
repository built into the browser software before it was distributed.

these certification authority root public keys can be used for
directly signing customer digital certificates .... or, in some cases,
they may be used for signing other organization digital certificates
containing their own unique public keys.

in a standard PKI trust hierarchy ... the root public key may be used
for signing subsidiary certificates containing subsidiary public keys
.... and then the subsidiary public keys are used for directly signing
general digital certificates.

as a result ... you may find a ca that has a root public key
pre-installed in a large number of different browsers ... but it is one
of the organization's subsidiary public keys that might be signing
your specific digital certificate.

--
Anne & Lynn Wheeler |
http://www.garlic.com/~lynn/