All you need to do is get your server certificate from one of several places, including:
RSA (commercial CA or server CA)
Do you need a server certificate issued directly by one of these PCAs, or does it just need to be rooted there (i.e., can I use my [hypothetical] corporate PCA, which itself has a certificate from the RSA commercial PCA)? If it's the former, I would strongly urge you to extend your clients to include the latter. I don't want to have to go to RSA for every server certificate--that's in part what the PCA hierarchy exists for. Similarly, if I set up a personal server (with my home page, for example), can I'd like to be able to use a certificate issued by the RSA Unaffiliated User CA, which is itself a PCA certified by the Commercial CA. Amanda Walker InterCon Systems Corporation