[M3devel] Trusted certificates for Elego's web services

Stefan Sperling stsp at elego.de
Fri Jul 24 11:09:16 CEST 2009


On Fri, Jul 24, 2009 at 09:55:34AM +0200, Olaf Wagner wrote:
> We'll have to get certificates for all our web servers, which will
> then include the CM3 one. I'll let you know if we can take over the
> costs :-)
>
> Let's ignore this issue for while...

There are local certificate issuers in Germany, too.
E.g. Deutsche Telekom does it and their root CA even made it
into Firefox now:
https://bugzilla.mozilla.org/show_bug.cgi?id=378882

They might still be operating as opaquely as Verisign but maybe
they are less expensive. And they'd probably be less complicated
for elego to deal with than any issuer in the US.

They've also signed certs for DFN members (German universities
and research institutions). E.g. if you go here you can see a
chain going up to Telekom: https://webmail.spline.inf.fu-berlin.de/

>>> Surely Microsoft cannot assume that the whole Internet is
>>> officially certified?

I have a feeling they'd like to, but more in terms of who
controls the procotols being used on the net, not necessarily
with respect to SSL certs.

That said, newer Firefox versions have also been pushing the user
experience with self-signed certs far down in an attempt to get
website admins to get their certs signed.

Stefan



More information about the M3devel mailing list