Ok.... so I've admittedly never fooled around with SSL before but after installing ISPConfig 3, I'm looking into it a little bit before going into production to see if I want to act as a CA of sorts as well. Hoping to get some answers from some other webhosts here, but: - Is your certificate for Mail, FTP and the panel self-signed or verified? Right now, I have the self-signed ones in place for all three services, but I'm wondering if I should really invest in the trusted/verified certificates for those three services - is it really all that important to get a cert from VeriSign or someone like that? If so, what's the cheapest and most painless that I can get for commercial use? - Do you issue your clients certificates as your own CA free of charge or with a charge? Is this legal? Obviously I'm not/wouldn't be a "Trusted Root CA," but I could provide the certs for someone that's running their own little personal website, couldn't I? - So say I did get a trusted certificate for my SMTP Server, mail.company.tld. If someone connected via their domain to my server, for example mail.someclient.tld, would they need their own seperate certificate or would mine still be trusted for them? - I'm confused on non-trusted vs. self-signed. My FTP Certificate, for example, is issued by the same entity that holds it. That's self-signed. But now, say that I setup a CA with everything the same, except for an Organizational Unit of say "SSL Certs Dept." and then issue one for my FTP Server with an Organization Unit of "FTP" - does that still count as a self-signed certificate? And if not, will it be trusted by web-browsers/mail clients/FTP Clients/etc? Asking here because the more that I read into it, the more confused I get and the more questions I have. Edit: Ok, after a bit more research, I found this: https://www.namecheap.com/security/ssl-certificates/domain-validation.aspx Now, provided that I truly have to go the route of buying one. That begs two questions - - Which one do I get to support all of my services, ie: mail.myhost.tld, www.myhost.tld, myhost.tld:8080, etc? Keep in mind that I plan on doing this commercially, so does that change my requirements for what I'd need? - Is forming my own CA to issue clients (free) certificates for their websites still okay, or is it advised against?