Am 01.05.2013 10:47, schrieb Enrico Tröger:
Is it a correct time for a little SSL-Mozilla-Bashing?> On 30/04/13 03:06, Lex Trotman wrote:
>> On 30 April 2013 08:55, Chris Williams <purplewelshy@googlemail.com> wrote:
>>
>>> Sorry I am a newbie and when I try to go to:
>>>
>>> https://lists.geany.org/cgi-bin/mailman/listinfo/users
>>>
>>> I get the following error:
>>>
>>> *******************************************************************
>>> This Connection is Untrusted
>>>
>>>
>>> You have asked Firefox to connect
>>> securely to lists.geany.org, but we can't confirm that your connection is
>>> secure.
>>> Normally, when you try to connect securely,
>>> sites will present trusted identification to prove that you are
>>> going to the right place. However, this site's identity can't be verified.
>>>
>>> What Should I Do?
>>>
>>> If you usually connect to
>>> this site without problems, this error could mean that someone is
>>> trying to impersonate the site, and you shouldn't continu
>>>
>>> lists.geany.org uses an invalid security certificate.
>>>
>>> The certificate is not trusted because no issuer chain was provided.
>>>
>>> (Error code: sec_error_unknown_issuer)
>>>
>>> If you understand what's going on, you
>>> can tell Firefox to start trusting this site's identification.
>>> Even if you trust the site, this error could mean that someone is
>>> tampering with your connection.
>>> Don't add an exception unless
>>> you know there's a good reason why this site doesn't use trusted
>>> identification.
>>> *********************************************************************
>>>
>>> Hi Chris,
>>
>> Unfortunately this is an argument between firefox and the certificate
>> provider such that firefox is unwilling to include the particular
>> certificate provider. Other browsers such as chrome or even IE (I
>> understand, I haven't tried myself) do include the certificate provider.
>>
>> The best suggestion is to use another browser or install the certificate
>> providers certificate yourself.
>
> Which you can find here:
> https://www.cacert.org/index.php?id=3
>
> A bit more information:
> Frank Lanitz created this certificate and it is signed by Cacert. To be
> able to do this, you first need to authenticate yourself to Cacert, in
> person including an identity check. Frank, and me also, did this. So,
> this is not just a self-signed certificate to have 'something' for SSL,
> but a qite good certificate. Even though Mozilla just doesn't consider
> it good enough to include the root certificate into their browser and
> other products :(.
They do not include CAcert with their Web-of-Trust-based method of
authentification, but include root-certificates which are known to be
very week PKI and there are rumors that some of them are ruled be the
agencies. </paranoid>
Cheers,
Frank
_______________________________________________
Users mailing list
Users@lists.geany.org
https://lists.geany.org/cgi-bin/mailman/listinfo/users