The certificates must be signed by an approved key signing agency. Anyone can produce one; to get it to interact 'securely' with free netscape browsers you need the certificate to be signed.
There is no word as to how to become a KSA. Netscpe has ignored the question on several occaisons.
It is interesting that in order for me to use the commerce server on an *internal* application I am working on, my project *still* needed to get the key signed by verisign, even though no one outside of the company i am working for will have access to the commerce server my application is running on. -- sameer Voice: 510-601-9777 Network Administrator FAX: 510-601-9734 Community ConneXion: The NEXUS-Berkeley Dialin: 510-658-6376 http://www.c2.org (or login as "guest") sameer@c2.org