The world of PKI and the interactions between browsers and CertificateAuthorities are very complex these days. We are creating a Trusted ServiceProvider (TSP) to deploy to the public reliable certificates for free, free asin "free beer". What are the requirements to deliver extended validatedcertificates? Why do you have to pay for it? What will be the price? Webelieve that it is one of our principle rights to secure our identity andprivacy in the digital space. You can't buy a basic right but you can organizean environment to make the best use of it. The talk gives an overview of our setup of a new Trusted Service Provider. Theheart of all is a non-profit organization in Austria which will lead somelegal bodies required to operate successfull. This NPO is open for all peoplewho accept the United Declaration of Human Rights. We think this is a keyfactor for success. But a NPO like this is not a Certificate Authority. Weneed another organisation to take over all tasks of a CA which has to pass anaudit with flying colours. A successfull performed audit is the key factor toplay a reliable role in the market. Certificates will be accepted. Trustbetween this CA and the end users will be established. Last but not least amoney flow must be organized. Individuals will get their certificates alwaysfor free. What about organizations? I will point out that a special kind ofassociation will do and will work. The software to operate the CA is developedfrom scratch. Of course the software will be published under a FLOSS license.