
Firefox 3 Hates Self Signed SSL Certs

September 22nd, 2008

For some reason the Firefox developers seem to have taken protecting end users to a rather inane level, as the errors displayed for self-signed certificates are extremely confusing.

See below for an example:

firefox-ssl-error.png

Just because a cert is self-signed does not make it insecure!

Of course if the site you are connecting to is a public ecommerce site then maybe you should consider your options very carefully, but when it’s something like a hosting control panel for Virtuozzo you need to be able to access it.

If you look at the bottom of the screen you’ll see a little link: “Or you can add an exception”
If you click on that and then follow the steps you will be able to access the site / control panel without any issues.

With older versions of Firefox this wasn’t as much of an issue, as the warning message was a nice big popup.

The new version of Firefox handles this situation very badly.
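The following is an added example, not part of the original post. A self-signed certificate can be trusted when its fingerprint matches one obtained out of band (for example, read off the server by its administrator), and this sketch performs that comparison before an exception is added. The function names are hypothetical, and the sample bytes are a constructed stand-in for a DER certificate, not a real one.

```python
import hashlib
import ssl

HEX = set("0123456789abcdef")


def normalise(fp: str) -> str:
    """Drop colons/whitespace and lowercase, so 'AB:CD' and 'abcd' compare equal."""
    return "".join(c for c in fp if c not in ": \t\n").lower()


def sha256_fingerprint(der: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, as colon-separated upper-case hex."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def matches_pin(der: bytes, pinned: str) -> bool:
    """True only if the certificate hashes to the fingerprint obtained out of band."""
    expected = normalise(pinned)
    if len(expected) != 64 or not set(expected) <= HEX:
        # Refuse truncated or mistyped pins instead of silently comparing them.
        raise ValueError("pinned value is not a full SHA-256 fingerprint")
    return normalise(sha256_fingerprint(der)) == expected


def fetch_der(host: str, port: int = 443) -> bytes:
    """Fetch the certificate the server presents, without validating its chain."""
    pem = ssl.get_server_certificate((host, port))
    return ssl.PEM_cert_to_DER_cert(pem)


if __name__ == "__main__":
    # Constructed stand-in bytes; in practice use fetch_der("panel.example.test", 443),
    # where the host name and port are assumptions for illustration.
    sample_der = b"abc"
    pin_from_admin = sha256_fingerprint(sample_der)  # stands in for the out-of-band value
    print("presented:", sha256_fingerprint(sample_der))
    print("match:", matches_pin(sample_der, pin_from_admin))
    print("tampered match:", matches_pin(b"abd", pin_from_admin))
```

A mismatch means the certificate presented is not the one the administrator installed, and no exception should be added for it.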


About the Author: Michele Neylon
Known for his outspoken opinions on technology and the Internet, Michele Neylon is the award winning author of several blogs and co-host of the Technology.ie podcast. A thought leader in the Internet community, Neylon is active within ICANN and an expert on policy, security, domains, ICANN, Nominet and Internet Governance. You can stalk him on various social media networks including Twitter and Instagram
7 Comments
  1. maxsec September 22, 2008 at 12:42

    I gotta say I disagree here. Most people get taught that if the little padlock is locked then the site is secure and you put in CC details etc.
    BUT a lot of places still use self-signed/poorly for all this stuff and it’s therefore easy, esp with DNS and BGP issues around to spoof the page and get interesting info.
    IMHO someone needs to fess up to this and start the debate on this, I say good good for Mozilla on this..

  2. Michele Neylon September 22, 2008 at 12:46

    I have to disagree.
    The way that Firefox 2 warned users was clear and didn’t mislead them while also offering them the option to “trust” the cert if they chose. The new setting throws an error page that is not clear and will confuse end users.

  3. Gen Kanai September 23, 2008 at 03:04

    Full disclosure: I work for Mozilla but not in the area in question.
    Johnathan Nightingale, from Mozilla Corporation, writes about the reasons why Mozilla made this change in Firefox.
    http://blog.johnath.com/2008/08/05/ssl-question-corner/
    Frank Hecker, from the Mozilla Foundation, also writes about this topic, focusing more on the fact that certificates can be had for free (which some people don’t know.)
    http://blog.hecker.org/2008/08/20/mozilla-and-certification-authorities/

  4. Michele Neylon September 23, 2008 at 11:58

    Gen
    Thanks for your comment.
    The problem I have is not with the concept of an error, but the way that the error is displayed.
    As it is not a popup, which users are probably used to, a lot of users won’t even read the error message, as they’ll just see that the site / page they were trying to access is not loading.
    The popup error message was more likely to have been read, as you had to do something with the popup to continue browsing. The argument that the user could dismiss the error is weak – surely the user has a right to dismiss an error after all?
    Michele

  5. Byron Yasgur November 13, 2008 at 15:24

    Confusing I say …. !!!
    I think Firefox could have come up with a better system ….. saying that the site has an invalid security certificate just because it is self signed is inaccurate and bound to create more problems down the line
    A poster mentioned that people were taught that “if the little padlock was there then it was safe to enter cc details etc”. …. this was always in error … myself I always taught my customers to open the padlock and examine the cert if there was any doubt ….. yes it’s an issue that needs to be dealt with but this is the wrong end of the chainsaw !!

  6. Michele Neylon November 15, 2008 at 14:44

    Byron
    Not all new “features” are really improvements 🙂
    Michele

  7. waffle247 December 11, 2008 at 11:26

    Inane? More like insane from my point of view. I use (on a daily basis probably 20 times or so a day) localhost / test network / training websites that all use self-signed certificates. Now that I know I can’t use these websites with Firefox I shall treat it with the same respect they have done their users. In other words: Hey Mozilla – welcome to uninstallvile population; you.
