search for: intermediate_certificate_author

...rypt.org between Authorities > certificates. That?s because they are not top-tier CAs. > This means (correct me if I'm wrong) that client has to > import one of these Certification Authorities certificates You must be unaware of certificate chaining: https://en.wikipedia.org/wiki/Intermediate_certificate_authorities Even top-tier CAs use certificate chaining. The proper way to run a CA is to keep your private root signing key off-line, using it only to sign some number of intermediate CA signing certs, which are the ones used to generate the certs publicly distributed by that CA. Doing so lets a CA aba...

On Jun 15, 2016, at 7:57 AM, ????????? ???????? <nevis2us at infoline.su> wrote: > > Nowadays it's quite easy to get normal ssl certificates for free. E.g. > > http://www.startssl.com > http://buy.wosign.com/free Today, I would prefer Let?s Encrypt: https://letsencrypt.org/ It is philosophically aligned with the open source software world, rather than act as bait