Choosing an SSL CA?
zentigger asks: "I am looking at renewing some SSL certificates and checking out the various vendors. It seems that just about every major CA has some reason for not using them. Verisign is just evil, Thawte is owned by Verisign, Geocerts has a bad habit of spamming, and Godaddy uses a stupid chained cert that doesn't work for some appliances we have (and they won't let me check out using Firefox). I realize that I could just use a self-signed certificate, but we have too many stupid users that get all confused and whiny when something pops up and asks them unexpected questions. So I put it to you, Slashdot: what CAs do you recommend and why?"
I think the most interesting post that time was that the US military and Microsoft both use self-signed ones -- which makes a pretty strong case that (if you're a B2B company) your company should sign it and your customers should add your company to the trusted authorities. If you're a B2C one, choose the cheapest one that Firefox and IE trust by default.
We use a self-signed CA, but being a corporate MS shop we force our CA's certs out as trusted through AD, so there's no difference between certs signed by our CA and certs signed by someone else. For me, it's brilliant. I can certify whatever I need to without having to cough up each time. It's only useful for internal users though. Obviously no good for public sites.
The grass is only greener, if you don't take care of your own lawn.
We use imaging software (such as Ghost) and include the cert pre-installed in IE's "Trusted Root" and/or Mozilla's "Authorities" on every machine we roll out. Eliminated perplexed users calling about messages they don't understand.
Of course, we're not an e-commerce site, so this is purely an internal solution.
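The internal-CA setup the two posts above describe, as an added example (not code from any poster): a private root CA signs a server cert with openssl, and verification fails until that CA cert is installed as a trust anchor, which is what pushing it out via AD or baking it into an image achieves. Assumes openssl is installed; the CA and host names are made up.

```shell
#!/bin/sh
# Added example: build a private CA, issue a server cert, and compare
# verification with and without the CA in the trust store.
set -e
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

make_pki() {
    # 1. The company's own root CA (self-signed, made-up name).
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Example Corp Internal CA" \
        -keyout "$work/ca.key" -out "$work/ca.crt" 2>/dev/null
    # 2. Key and CSR for a hypothetical internal host.
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=intranet.example.internal" \
        -keyout "$work/server.key" -out "$work/server.csr" 2>/dev/null
    # 3. The internal CA signs the server certificate.
    openssl x509 -req -in "$work/server.csr" \
        -CA "$work/ca.crt" -CAkey "$work/ca.key" -CAcreateserial \
        -days 365 -out "$work/server.crt" 2>/dev/null
}

# Only the system trust store: fails, like a browser that never got the CA cert.
verify_without_ca() {
    openssl verify "$work/server.crt" >/dev/null 2>&1
}

# Company CA added as trust anchor: succeeds, like a machine provisioned via AD/imaging.
verify_with_ca() {
    openssl verify -CAfile "$work/ca.crt" "$work/server.crt" >/dev/null 2>&1
}

make_pki
if verify_without_ca; then
    echo "unexpected: server cert trusted without the internal CA"
else
    echo "server cert NOT trusted without the internal CA (expected)"
fi
verify_with_ca && echo "server cert trusted once the internal CA is in the store"
```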
I'm not tense. I'm just terribly, terribly, alert.
There might be some validity in that, if it weren't that Microsoft's certs were obtained from Verisign by phishers a few years back. Regardless of anything else, I would NOT be willing to pay a company for a cert that doesn't certify.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
This post is so misguided I don't know where to start.
It is super easy to compromise a network. Try using ettercap sometime. It will ARP poison the switch, so that your switch port acts as an intermediary for all traffic on the subnet. Once you have that, you can also use ettercap to hijack SSL sessions. I've done this before, and it works great. The user gets the message saying "so and so.com sent you an invalid certificate? pretend that this is meaningless and blissfully send your SSN and passwords to whoever is listening?" They click yes, the padlock closes, and you steal all their data. Super easy.
It also works with SSH and pretty much anything else. If you don't verify fingerprints of hosts you're connecting to, you might be connecting to someone trying to steal your password!
My other car is first.
Cheapest I've seen on the Net is ev1servers.net at $14.95 (about 8.50 pounds for UK folks). It works with almost all browsers, except for users running IE 5.0 or older that haven't upgraded to the latest root certificate via Windows Update. What I did is write a script that scanned the access logs for IE 5.0 or older and displayed the percentage of such browsers - when it dipped below 0.1% (which it has already for about half the sites we manage), we switched from Verisign to the ev1servers.net secure cert and saved, wait for it, over 250 pounds per certificate!
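A script in the spirit of the one described above, as an added example and not the poster's own: it parses Apache combined-format access log lines, counts hits from IE 5.0 or older, and applies the 0.1% rule to decide whether the cheaper root is safe to switch to. The log lines are constructed; treating anything below IE 5.5 (so 5.01 too) as "5.0 or older" is an assumption.

```python
import re
from typing import Iterable, Tuple

# Constructed sample log lines (Apache "combined" format), not real traffic.
SAMPLE_LOG = """\
10.0.0.1 - - [12/Mar/2004:10:01:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
10.0.0.2 - - [12/Mar/2004:10:01:05 +0000] "GET /login HTTP/1.1" 200 1024 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
10.0.0.3 - - [12/Mar/2004:10:01:09 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; U; Linux i686) Gecko/20040206 Firefox/0.8"
10.0.0.4 - - [12/Mar/2004:10:01:11 +0000] "GET / HTTP/1.0" 200 512 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)"
10.0.0.5 - - [12/Mar/2004:10:01:15 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
"""

# The user agent is the last double-quoted field of a combined-format line.
UA_RE = re.compile(r'"([^"]*)"\s*$')
MSIE_RE = re.compile(r'MSIE (\d+(?:\.\d+)?)')


def is_old_ie(user_agent: str, cutoff: float = 5.5) -> bool:
    """True for IE 5.0 or older (assumption: any MSIE version below 5.5 counts)."""
    m = MSIE_RE.search(user_agent)
    return m is not None and float(m.group(1)) < cutoff


def old_ie_share(lines: Iterable[str]) -> Tuple[int, int, float]:
    """Return (old_ie_hits, total_hits, percentage of hits from old IE)."""
    total = old = 0
    for line in lines:
        ua = UA_RE.search(line)
        if not ua:
            continue  # malformed or truncated line: skip rather than miscount
        total += 1
        if is_old_ie(ua.group(1)):
            old += 1
    pct = (100.0 * old / total) if total else 0.0
    return old, total, pct


def safe_to_switch(lines: Iterable[str], threshold_pct: float = 0.1) -> bool:
    """The poster's rule: switch CAs once old-IE traffic dips below 0.1% of hits."""
    _old, _total, pct = old_ie_share(lines)
    return pct < threshold_pct


if __name__ == "__main__":
    old, total, pct = old_ie_share(SAMPLE_LOG.splitlines())
    print(f"old IE: {old}/{total} hits ({pct:.2f}%), switch: {safe_to_switch(SAMPLE_LOG.splitlines())}")
```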
First, I'll agree that, yes, CAcert is not supported by anything I know of. Mozilla finally got its act together and published a policy. The ball's in CAcert's court, last I heard; they need to have an audit done.
As I understand it, the point of the system is not to act as a content filter, but simply to establish identity. For e-mail certificates with no name (just the address), they simply send an e-mail probe. For domains, they run a WHOIS and you select one of the e-mail addresses in the registration info. If you actually want a name on your certificates, you must be assured by two people, who can be someone already in the web of trust or one of several widely trusted third parties. These procedures are comparable to the ones used by CAs that are installed in browsers, at least for their lower levels.
I really don't understand the belief that "only people with $20-1500/yr need to be authenticated." Really, anytime you send secret/valuable data, it should be sent to an authenticated server over an encrypted channel. CAcert is a program that provides some hope of achieving this. The other big thing is Server Name Indication support and the retirement of SSL2; that will allow multiple SSL certs per IP, removing another costly barrier.
Let's be realistic here: how many people actually use a different password for each website that uses one? How many of these sites actually use SSL?
If your gripe is based on some problem with CAcert's execution, then I encourage you to ignore this rant and elaborate on your points.