X.509 Certs For Personal Use

Leo Bicknell bicknell at ufp.org
Sat Feb 18 01:07:29 UTC 2012

On the heals of some of the most productive conversation I've seen on
NANOG in ages, let me try another topic!

I suspect most people on NANOG are in the same boat that I'm in, we
operate some small number of domains for ourselves, friends, family, and
projects we like.  I suspect many of us are also security conscious and
would like to use encryption as often as possible.

Unfortunately to communicate with random folks on the Internet you need
an "SSL Certificate" signed by a "Trusted Root".  Ok, we can argue about
that, but that's what I'm going to assume for my question.  That could
be a cert for a web server, a mail server, a jabber server, or even a
personal e-mail certificate.

What I've found is a few classes of service:

- Totally free, but the Root CA is not well distributed (or other

- Free for "one" (perhaps one web, one e-mail) on a well distributed CA,
  major upcharge for more.

- Services for businesses designed for maintaining multiple domains and
  certs starting at $high and ending at $crazy.

I am _not_ looking for a free only alternative, but I am looking for a
fee structure and price that makes _personal_ use economically workable.
I'd love to support community based efforts, but the reality is random
folks will be accessing my web site, sending me e-mail, etc, so I want
certs that are signed by root certs that ship with OSX/Windows/Linux,
they should "just validate".  I also do not require "EV" certificates,
although being able to get one for an upcharge might be nice.

Are there any providers that target someone with my desires?  What
providers do NANOG folks use for their _personal_ needs?

       Leo Bicknell - bicknell at ufp.org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 826 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20120217/5b9f0371/attachment.sig>

More information about the NANOG mailing list