First off, sorry if this is in the wrong section..
I am looking for anyone who knows the procedure(s) being becoming a Certificate Authority (CA) (SSL Certificate Seller). I know it is not an easy task, however I am interested in it.. In addition, the explanation has to be "idiot proof" . Thanks
There are several options, each varying in cost.
The question is similar to 'how do I become a registrar?' and there are equally many options.
Option 1: You just want to resell certificates. Contact any of the major cert providers and I'm sure they will help you become a reseller.
Option 2: White-labelling. Some CA's will offer a souped-up reseller package whereby you can white-label the certificates, and use their APIs to write your own systems and sell certificates without easily revealing the provider behind it.
Option 3: Sub-CA. Again, some of the CA's can take Option2 further, and offer you your own Sub-CA. Usually signed from one of the major ubiquitous roots, they can either maintain the keys and infrastructure for you or possibly allow you to take the keys to your own infrastructure.
This means that the certificates can bear your own brand or naming.
Don't expect it to be cheap. Secure infrastructure alone (HSMs etc.) can cost a bomb. Even having a hosted sub-CA can cost 6 figures.
Option 4: Become a root CA yourself. Obviously, the most difficult and most expensive option. You set up your own infrastructure and get your keys into the browsers, devices and OSs. You won't be able to sell the certificates to the public for a few years because they won't be ubiquitous enough. Many companies (eg Microsoft) won't accept your root certificates without at least a WebTrust audit, which is costly.
[Note: The shortcut to this is to 'aquire' an already ubiquitous root key. If anyone knows of one that's going for less than $x million, let me know ]
This of course only covers the actual setup and infrastructure - bear in mind that issuing certificates can be a labour-intensive task if you intend to properly validate the certificates.
HTH. PM me if you have any more questions.
Last edited by nafrance; 09-05-2006 at 08:14 AM.
Reason: Added some additional info.