Dnia wtorek, 16 września 2008 o 19:49:33 Sylvain Beucler napisał(a): > > We've switched to CAcert.org https certificates instead of the previously > self-signed certificated. CAcert.org offers an alternative way to deliver > https certificates based on a web of trust - and their software is GPL'd. More > information at http://savannah.gnu.org/tls/ > >
TL;DR: Please have your certificate signed with StartSSL root [3] too. The certificate is free, as in beer, and it works well with Mozilla Firefox. In short, it certifies that the owner of the certificate could be reached as [email protected] at the time when the certificate was issued. Getting another signature does not invalidate the one you already have. I tired to report a bug against libcdio today. I am on openSUSE 11.4 and the default browser is Mozilla Firefox, so the hyperlink opened in Mozilla Firefox. I logged in and I was greeted by the repelling message "sec_error_untrusted_issuer" from Firefox similar to the one you describe [2]. I chose not to import the certificate because I believe the Mozilla Foundation has good reasons for not including the CACert by default. That certificate is not recognised by Firefox, pending audit. The audit process is stalled [4] and the perspectives of success in near future are grim. BTW, thank you for publishing a detailed introduction to handling your certificate [5], there is no need to quote that if you choose to answer. For the time being, I guess using GNU IceCat would be the best solution for talking to you. Best regards, Chris ___ [1] <URL: http://savannah.gnu.org/account/login.php?uri=%2Fprojects%2Flibcdio > [2] <URL: http://savannah.gnu.org/tls/tutorial/1-untrusted.png > [3] <URL: https://bugzilla.mozilla.org/show_bug.cgi?id=215243#c180 > [4] <URL: http://wiki.cacert.org/InclusionStatus > [5] <URL: http://savannah.gnu.org/tls/tutorial/ >
