On Feb 22, 7:06 pm, "Eddy Nigg (StartCom Ltd.)" <[EMAIL PROTECTED]> wrote: > Robert Relyea wrote: > > > This is operating exactly as planned. both Firefox 2 and Firefox 3 > > have rejected the certificate as bad since the certificate is > > inherently untrusted. Firefox 2 rejects the certificate in a way that > > many users doe not recognize 'rejecting the certificate'. We have > > fixed this problem in Firefox 3. > > Bob, expect to receive lots of such mail messages in the near future as > FF3 will be released...> I would say that Firefox 3's new UI is a resounding > success as it > > properly identified your certificate as broken in a way that you would > > recognize. > > ...and also expect that there will be many disgruntled admins who used > self-signed certificates up to now. It will take a while until this > "success" will be accepted in a natural way. In the long run however I > believe that the PKI trust model will gain in strength as it never did > in the past. > > > If you need a server that other users need to trust, talk to Eddie;). > > He can issue you server certs for a nominal fee, even free in some cases. > > Allow me to state for the ones who will browse the mailing lists for > clues about this error (and many other new and related messages > likeSEC_ERROR_BAD_SIGNATURE), that basic Class 1 domain validated server > certificates are issued for free athttp://www.startssl.com/and more > advanced ones after successful Class 2 identity validation (and > organization validation). Fees apply only for the validations performed > and no fees are charged for the certificate(s) themselves. Basically one > isn't limited on the amount of certificates one can create (some > restrictions apply). Hope this helps! > > -- > Regards > > Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org> > Jabber: [EMAIL PROTECTED] <xmpp:[EMAIL PROTECTED]> > Blog: Join the Revolution! <http://blog.startcom.org> > Phone: +1.213.341.0390
That's wonderful and all, but I am the user, not the network administrator. I want to browse my college's Microsoft Exchange service at https://mail.wyke.ac.uk/ Oops, I can't, "sec_error_bad_signature". Firefox 3 wont even let me add an exception, for reasons I can't quite understand. Validate with technology all you like, but this is a case where the technology is WRONG. This site is perfectly fine - myself, a superior human being, can recognize that I am trying to browse a legitimate server. It is not the role of the browser to outright block me from doing this. I WILL have a word with our technicians when I go back on Monday about getting their certificate sorted, but they won't listen to me, I am just a student. They will tell me to stick with Firefox 2 or use Internet Explorer. And you know what? I NEED to read my emails, so I just might have to. Way to go, guys. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
