Cost of getting in-house certificate authority trusted

My company has an in-house certificate authority that is currently self-signed. Since we want to start using it for external SSL and secure email to our customers, we need to get it trusted.

Does anyone have a ballpark as to what it costs to get trusted root certificate for an in-house PKI? 4 figures? 5 figures? 6 figures? We employ between 2000-3000.


Solution 1:

If I remember correctly, we were quoted something like 150k to start then 75k per year when we looked into this.

Solution 2:

To get an idea of actually getting a root certificate trusted, take a look at CAcert's ongoing process. It's been a rather complex multi-year process (and they aren't done), but being an open organization all the details of the process are on their web site.

A more likely option is getting a subordinate CA under one of the big roots. I don't recall which offhand, but at least one had an option a while back for them hosting the subordinate CA (IIRC wisc.edu does this with Equifax/Geotrust). I think the ongoing cost was in the low 5 figures per year plus a few dollars per cert (startup costs not included). I don't have links handy, but several schools have gone this way and have the technical details published either on their web sites or in presentations given at conferences. Working from memory and my cert cache, wisc.edu, lsu.edu, and tmc.edu look like good places to start.