On Jul 22, 2009, at 11:31 AM, Rodney Thayer wrote: > CACert is questionable too. why not just spin your own root and put > it on an offline box? Because you are going to get the same SSL warnings and alert from software if you use any root that isn't in the shipped store with the software. This is certainly true for Firefox. Al