Well, I haven’t had a chance to look at the entries I mentioned last post. But I DID remember an open free Certificate Authority.
CA Cert, it’s a site that allows you to register and, assuming you can reasonably proof ownership of your domain (by answering the emails associated with the registrar), then you can issue certs for your domain. I’m currently looking at issuing certs for my mail server and web daemon.
The CACert Root Certificate isn’t widely distributed, so your users would have to add it the first time they came, but IMO it’s a little better (and possibly more well controlled) than the self-signed “Snake Oil” certs.
The only downside, that I’ve noticed so far, is that there’s no interface for building your request. So you still have to use OpenSSL or another package to generate your Cert Req and the CSR. I’m kindof surprised, honestly, that they don’t have that part, since that would be easier than the CA portion I would think.
So, I still want to look at the other tools, but since CACert is centralized and you can add the root cert for your users, I think it makes a decent option when you can use it.