Results 1 to 5 of 5
  1. #1
    Join Date
    Sep 2005

    Becoming a Certificate Authority

    First off, sorry if this is in the wrong section..

    I am looking for anyone who knows the procedure(s) being becoming a Certificate Authority (CA) (SSL Certificate Seller). I know it is not an easy task, however I am interested in it.. In addition, the explanation has to be "idiot proof" . Thanks

  2. #2
    Join Date
    Nov 2004
    Sorry, but becoming a Certificate Authority isn't "idiot proof" so we can't explain

  3. #3
    Join Date
    Sep 2005
    die dont make it idiot proof then

  4. #4
    Join Date
    Nov 2005
    I too have been looking for information regarding this, if anyone can help out I would appreciate it as well.
    Dimension Servers / Toll-Free: 1-888-750-6942
    RapidSSL Cert Included with ALL Reseller & Ultra Accounts
    24x7x365 Unbeatable Technical Support!
    Shared CPanel Hosting // Reseller WHM Hosting Solutions

  5. #5
    Join Date
    Feb 2003
    There are several options, each varying in cost.
    The question is similar to 'how do I become a registrar?' and there are equally many options.

    Option 1: You just want to resell certificates. Contact any of the major cert providers and I'm sure they will help you become a reseller.

    Option 2: White-labelling. Some CA's will offer a souped-up reseller package whereby you can white-label the certificates, and use their APIs to write your own systems and sell certificates without easily revealing the provider behind it.

    Option 3: Sub-CA. Again, some of the CA's can take Option2 further, and offer you your own Sub-CA. Usually signed from one of the major ubiquitous roots, they can either maintain the keys and infrastructure for you or possibly allow you to take the keys to your own infrastructure.
    This means that the certificates can bear your own brand or naming.
    Don't expect it to be cheap. Secure infrastructure alone (HSMs etc.) can cost a bomb. Even having a hosted sub-CA can cost 6 figures.

    Option 4: Become a root CA yourself. Obviously, the most difficult and most expensive option. You set up your own infrastructure and get your keys into the browsers, devices and OSs. You won't be able to sell the certificates to the public for a few years because they won't be ubiquitous enough. Many companies (eg Microsoft) won't accept your root certificates without at least a WebTrust audit, which is costly.
    [Note: The shortcut to this is to 'aquire' an already ubiquitous root key. If anyone knows of one that's going for less than $x million, let me know ]

    This of course only covers the actual setup and infrastructure - bear in mind that issuing certificates can be a labour-intensive task if you intend to properly validate the certificates.

    HTH. PM me if you have any more questions.
    Last edited by nafrance; 09-05-2006 at 08:14 AM. Reason: Added some additional info.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts