Author: Sean Gibbins Date: To: Hampshire LUG Discussion List Subject: Re: [Hampshire] home self signed ssl cert with multiple host names?
Sean Gibbins wrote: > Chris Aitken wrote:
>
>>>
>>>
>> Secure Connection Failed
>>
>> carfax.org.uk uses an invalid security certificate.
>> The certificate is not trusted because the issuer certificate is unknown.
>> (Error code: sec_error_unknown_issuer)
>>
>> # This could be a problem with the server's configuration, or it could
>> be someone trying to impersonate the server.
>> # If you have connected to this server successfully in the past, the
>> error may be temporary, and you can try again later.
>>
>> (WinXP SP2; Firefox 3.0.5).
>> Chris
>>
>>
>
> It's because it's self-signed, so either add the exception and proceed
> or run away.
>
> If you are concerned about this and want a 'proper' certificate you will
> need to pay for it.
>
> Of course, if it were your bank or credit card company's certificate
> returning that error it would be a different matter altogether.
>
> Sean
>
>
Reading that through it sounds a little terse to say the least - it
wasn't meant to be. Fewer words arrived at my fingertips than originally
set out from my brain - I suspect this bloody headache had something to
do with it!
:-P
To expand a little, Firefox 3's warning about 'iffy' certs does look a
little frightening, but it is just trying to pull you up short and make
you think about whatever lays beyond for your own good. I wouldn't mind
betting there is some degree of arse-covering going on too.
So, if you do self-sign then this is what visitors to your site using
Firefox 3 will see until they accept your certificate. If that is a
problem, i.e. you run a business and you feel it looks unprofessional,
then you will need to purchase a certificate from a trusted authority
such as Verisign or Thawte.
Sean
--
The computer can't tell you the emotional story. It can give you the exact mathematical design, but what's missing is the eyebrows.
Frank Zappa
