CAcert Open Source CA for OWA

[eastbr]

Does anyone have any experience with using CAcert as their Certificate Authority for IIS\OWA?

Any down side to using Open Source instead of a commercial CA like Verisign?

Any input would be helpful.


Thanks
Brent

 

[xmsre]

Why bother? The key advantage of trusted authorities like Verisign is that the root certificate is preinstalled on a large percentage of the browser base. In IE, click tools, content, certificates. Do you see CACert listed as a trusted root? How about trying the same in Netscrape? I thought not.

In that they are not a trusted root, this means that you have to run around to every client that will connect to your server and install their root certificate. Is says as Much on their site.

"For convenient and trustworthy communication via the Internet, we recommend that you install CAcert's root certificate in your browser. This enables confidential and authenticated communication with others who have also installed our root certificate."

If it's really that important to save the $200/year, then stand up CA and issue your own to yourself. You'll still be an untrusted root, and will have to run around to all the clients and install the certificate. I don't see where using CACert gets you anything.

 

[eastbr]

Thanks for the info, you make a very good point.
I did not realize that a certificate from Verisign was that cheap, that makes it a no brainer.

 

[xmsre]

I think it's actually Thawte. A one year is 200 and a two year is 350. There are cheaper alternatives out there, like digicert, at around $99/year.