from Hacker News

Ask HN: Books/guides/resources about running a public, web CA?

by _1tan on 4/20/25, 11:25 AM with 7 comments

  • by cpach on 4/20/25, 12:49 PM

    I think the below resources are a good start.

    This makes me curious: Do you have a specific goal in mind?

    https://github.com/mozilla/pkipolicy

    https://www.ccadb.org/

    https://cabforum.org/

  • by threesevenths on 4/20/25, 12:54 PM

    The difficult part of running a CA is convincing others you’re trustworthy. You need to have your business processes audited by an independent third party and then wait for your root to be adopted and deployed in browsers.

    The value in existing providers is their reach; VeriSign, for example, is deployed in practically every trusted root bundle. When GoDaddy wanted to enter the market, they bought Starfield, who already had a root which was widely trusted, and crossed that with their own.

    The reason people will pay for you to compute a number based on a number they give you and your super secret number is that people trust what you’re doing with your super secret number. And that trust takes time.