Jump to content

Becoming a Root CA or a Trusted Intermediate CA?

Sir Asvald
By Sir Asvald
in Servers, NAS, and Home Lab
 Share
Posted

I know it sounds crazy and it probably involves a LOT of MONEY and time. I'm not sure if anyone can answer my question.. I wanted to know what is the process? How long does it take to become one? The audit process, what do they check?

 

Cheers.

 

 

CPU: AMD Ryzen 5 5600X | CPU Cooler: Stock AMD Cooler | Motherboard: Asus ROG STRIX B550-F GAMING (WI-FI) | RAM: Corsair Vengeance LPX 16 GB (2 x 8 GB) DDR4-3000 CL16 | GPU: Nvidia GTX 1060 6GB Zotac Mini | Case: K280 Case | PSU: Cooler Master B600 Power supply | SSD: 1TB  | HDDs: 1x 250GB & 1x 1TB WD Blue | Monitors: 24" Acer S240HLBID + 24" Samsung  | OS: Win 10 Pro

 

Audio: Behringer Q802USB Xenyx 8 Input Mixer |  U-PHORIA UMC204HD | Behringer XM8500 Dynamic Cardioid Vocal Microphone | Sound Blaster Audigy Fx PCI-E card.

 

Home Lab:  Lenovo ThinkCenter M82 ESXi 6.7 | Lenovo M93 Tiny Exchange 2019 | TP-LINK TL-SG1024D 24-Port Gigabit | Cisco ASA 5506 firewall  | Cisco Catalyst 3750 Gigabit Switch | Cisco 2960C-LL | HP MicroServer G8 NAS | Custom built SCCM Server.

 

 

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
  • Author
2 hours ago, Meic said:

The sale of Symantec's CA to DigiCert was ~$1 Billion...

 

https://www.zdnet.com/article/comodo-ca-sold-to-private-equity-as-digicert-completes-symantec-ca-purchase/

Nothing to do with my question.. Company was bought OUT. I'm asking how much does it cost to become ONE.

CPU: AMD Ryzen 5 5600X | CPU Cooler: Stock AMD Cooler | Motherboard: Asus ROG STRIX B550-F GAMING (WI-FI) | RAM: Corsair Vengeance LPX 16 GB (2 x 8 GB) DDR4-3000 CL16 | GPU: Nvidia GTX 1060 6GB Zotac Mini | Case: K280 Case | PSU: Cooler Master B600 Power supply | SSD: 1TB  | HDDs: 1x 250GB & 1x 1TB WD Blue | Monitors: 24" Acer S240HLBID + 24" Samsung  | OS: Win 10 Pro

 

Audio: Behringer Q802USB Xenyx 8 Input Mixer |  U-PHORIA UMC204HD | Behringer XM8500 Dynamic Cardioid Vocal Microphone | Sound Blaster Audigy Fx PCI-E card.

 

Home Lab:  Lenovo ThinkCenter M82 ESXi 6.7 | Lenovo M93 Tiny Exchange 2019 | TP-LINK TL-SG1024D 24-Port Gigabit | Cisco ASA 5506 firewall  | Cisco Catalyst 3750 Gigabit Switch | Cisco 2960C-LL | HP MicroServer G8 NAS | Custom built SCCM Server.

 

 

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
2 hours ago, Abdul201588 said:

Company was bought OUT. I'm asking how much does it cost to become ONE.

Buying one is a way to become one....

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
  • Author
52 minutes ago, Meic said:

Buying one is a way to become one....

No. Just no. You don't know what you're talking about.. 

CPU: AMD Ryzen 5 5600X | CPU Cooler: Stock AMD Cooler | Motherboard: Asus ROG STRIX B550-F GAMING (WI-FI) | RAM: Corsair Vengeance LPX 16 GB (2 x 8 GB) DDR4-3000 CL16 | GPU: Nvidia GTX 1060 6GB Zotac Mini | Case: K280 Case | PSU: Cooler Master B600 Power supply | SSD: 1TB  | HDDs: 1x 250GB & 1x 1TB WD Blue | Monitors: 24" Acer S240HLBID + 24" Samsung  | OS: Win 10 Pro

 

Audio: Behringer Q802USB Xenyx 8 Input Mixer |  U-PHORIA UMC204HD | Behringer XM8500 Dynamic Cardioid Vocal Microphone | Sound Blaster Audigy Fx PCI-E card.

 

Home Lab:  Lenovo ThinkCenter M82 ESXi 6.7 | Lenovo M93 Tiny Exchange 2019 | TP-LINK TL-SG1024D 24-Port Gigabit | Cisco ASA 5506 firewall  | Cisco Catalyst 3750 Gigabit Switch | Cisco 2960C-LL | HP MicroServer G8 NAS | Custom built SCCM Server.

 

 

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

Your real question is how much do you have to pay Microsoft/Google/Mozilla to include your root CA. I'm sure there's a PKI standard you will both have to meet and prove through an accreditation process. You also will likely need multiple employees, RAs and TAs to meet those requirements.

 

Letsencrypt just started up not too long ago, and they required the backing of global tech giants to get started. Here's an idea of how much it costs to run a CA at least:

https://letsencrypt.org/2016/09/20/what-it-costs-to-run-lets-encrypt.html

 

I tried to find some history on how they started up but turned up empty handed. It's much easier to just create your own CA and hand out your root cert to those that will be using it, and then use Letsencrypt for any internet/external facing services. This is exactly what I'm doing for my personal lab, and have my root CA installed on all my mobile devices and computers.

 

M$ guidelines:

https://technet.microsoft.com/en-us/library/cc751157.aspx

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
22 hours ago, Abdul201588 said:

I know it sounds crazy and it probably involves a LOT of MONEY and time. I'm not sure if anyone can answer my question.. I wanted to know what is the process? How long does it take to become one? The audit process, what do they check?

 

Cheers.

There isn't really a process that you just follow and then you become one.

You have to either buy an already established CA or create connections with all the major software players and have them ship with your cert.

 

It's not really about time or money, as much as it is connections and relations dependent.

Link to comment
Share on other sites
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing Servers, NAS, and Home Lab

×