Topic: install certificate following HOWTO

[BlueLake]

Yes I agree there would be some mountain to climb but the view from the top would be fantastic. This also seems to be one of the biggest issues with a lot of SME users judging by the amount of text used on this forum and others. On my original search for info on this subject it seemed like nearly everyone had an issue with certificates and Microsoft/Firefox/Chrome etc...because of the message displayed before proceeding to the web site. Large corporations (which are a small percentage compared to the massive amounts of small business which are by far are the biggest percentage) are denying business opportunities to the smaller one man bands on a cost basis. With all the scare stories of scams and computer fraud the message page set up by Microsoft and Firefox (only two I use) scare of potential customers. So unless this issue is confronted they will continue to dominate the market place as long as they are allowed to by the smaller business community. Perhaps it is the message that needs to be toned down or perhaps this issue could be raised with some governing body. If the will is there and judging by the correspondence it is, then something should be put into motion.

[cactus]

IIRC certificates aren't that expensive... building a proper web of trust however is, that is why you need to pay some as well. It is not that easy to be a certificate authority. I think you are considering this too lightly. There are two ways to do this one, way is the certificate authority the other way is the web of trust (like CACert does), if we have multiple smaller webs of trust you do not have a very high certificate security in such a case. You need a web of trust that is as large as you can get and diverse as you can get...

[janet]

BlueLake

Piran is correct re issues with validity period of cacert certificates.
If you can locate a "real person" in your area and physically meet up with them, then you can have a cacert certificate issued for 2 years rather than 6 months (the default "effort free" validity period). Visitors to your website still need to install the CACERT root certificate available from the cacert website. So you could say there is still some effort required to get trust when using free cacert certificates. Trust has a price. Read more about it on the cacert website.

Certificate authorities need to pay tens of thousands of dollars to the browser publishers to be included in the root certificate. Cacert is the organisation currently attempting to achieve what you are asking for.

There are a number of lower cost commercial certificate offerings around that I believe are trusted by browsers (eg the Microsoft issued default root certificates installed in browsers).
Search Google for cheap offerings, take a look at GoDaddy.

Note that the root certificate issued by Microsoft & others needs to be updated every few years (which happens automatically with a browser update). There is a cost to browser publishers to maintain & update root certificates, so I guess it's reasonable to expect there to be a cost to the end user.

I think you can get an acceptable certificate for a few hundred dollars per year rather than paying thousands of dollars for a "big name" certificate. Most small businesses could afford the lesser amount, it's in effect a necessary cost to do secure online business.