SSL Certificates and root authorities
hi,
i have been playing around with ssl certs over the past few weeks and i have learned a bit for my self however,
i know that you can generate a self signed certificate and then use it like a normal certificate but you get the, what i would describe as a nag screen, telling you that the certificate is valid for this and that but invalid for for the other one.
i also know that you can train your browser to accept the certificate
my question is this:
who or what controls root certificates ? is there a root certificate authority that sends a list out to people like m$ who then add it into the browser? or do you have to give money to the people that make the browsers?
|