Firefox 3.0, released not too long ago, was generally well-received. It added a load of new features, while also providing much-needed speed improvements and better memory management. Some new features, however, have met more resistance - one of them is the rather complicated user interface thrown at users when they reach a website with an invalid or expired SSL certificate.
To read all comments associated with this story, please click here.
Member since:2008-03-08
Luckily for you, you CAN afford a certificate from a verified CA. startcom offers free SSL certificates via http://www.startssl.com/ and it is recognised by Firefox.
Unfortunately, not many people know about this.
(Hopefully, CAcert will be recognised soon too, but that may not be soon enough for most people.)
EDIT: Unfortunately, startcom is not recognised as a valid SSL authority by other browser vendors (Microsoft IE, maybe Opera and Apple too), so it may not be a good fit.
Edited 2008-08-29 14:55 UTC
Member since:2005-07-08
Wow, the price is right ($0) at www.startssl.com - thanks, I'll probably register.
CAcert sounds like the right community-based idea, but they are actually recommending people use a few words of l33t sp34k for their pass phrases!? I don't think I would be shipping their cert quite yet either...
Member since:2006-01-03
That doesn't solve the problem for internal domains (the only solution is to create an internal CA and add its root certificate to the browser), not does it solve the problem for embedded web administration in a variety of devices (many of which don't even allow the certificate to be changed).
Member since:2006-06-30
Member since:2005-07-06
Member since:
2005-07-08
This is not the fault of Firefox as much as it is the fault of the completely dysfunctional Certificate Authority system currently in place.
If I could AFFORD a valid cert, I wouldn't have a self-signed cert, and wouldn't direct all my users to use un-encrypted HTTP on my site.
The Mozilla foundation should step up to the plate and recognize a saner community-based non-profit certificate authority. They have the market share to make this happen. They control this now based on what certs they choose to ship with. Now is the time.