IBM uses self signed SSL certificates?

by Volker Weber

ibmselfsigned

Start using Firefox 3 and you get new insights.

Comments

openssl s_client -connect www-949.ibm.com:443

Tells me the same :-)

Sascha Reissner, 2008-06-18 12:29

FF2 tells you the same thing. Using self signed certs in and of itself is not necessarily a bad thing. Is this a customer facing site?

Kerr Rainey, 2008-06-18 13:18

i thought that Mozilla and Opera and Microsoft agreed on the color scheme for certificate error so users would have the same noticiation.

does it turn red if you continue after the warning ?

Flemming Riis, 2008-06-18 15:31

There is no need to use Firefox 3 to get this not always helpful message. The major problem is that hardly anybody sees and uses the offered hotspot "exception" ! That is the same situation with IE or Opera.....
And that is why companies like Verisign and Thawte have a rather simple and very successful business modell: They just sell the evidence of conformity with certificates stored in browser software.

Claus Bäumler, 2008-06-18 16:16

@Claus: You're correct. In fact, the dialog is technically incorrect - a certificate is not "invalid" simply because it is self-signed. This message is needlessly alarmist.

David Richardson, 2008-06-18 21:08

@David,
its properly considered invalid, because the connection may have been infiltrated by a man-in-the-middle attack.

Only if you would be able to verify the authenticity, it would even provide the higher level of integrity over an official certificate.

Roland Leißl, 2008-06-18 21:35

I agree with David - that the connection may have been infiltrated does not mean that the certificate is invalid. It's good that FF show's its suspicion, but to say the certificate is invalid is just not correct.

Martin Hiegl, 2008-06-18 22:02

From a client perspective, the trustworthiness of certificates rely solely on some bunch of chaining mumbo-jumbo. As roots of some authorities are stored on your system already, only these are considered valid, and so their descendants.

Unlike self-signed certs. They are considered invalid, because no reference is found, unless added to the trust-store manually. This dialog-phrase sure makes sense to users.

Much more important to me: I Heart the new look!

Roland Leißl, 2008-06-18 22:45

Recent comments

Ralph Hammann on BlackBerry improves the PRIV camera, again at 07:31
Ole Saalmann on How fast is a Tesla Mommy Mobile? at 21:43
Volker Weber on How fast is a Tesla Mommy Mobile? at 18:34
Felix Binsack on How fast is a Tesla Mommy Mobile? at 18:31
Ole Saalmann on How fast is a Tesla Mommy Mobile? at 18:30
Natanael Mignon on How fast is a Tesla Mommy Mobile? at 16:25
Markus Dierker on How fast is a Tesla Mommy Mobile? at 16:22
Stefan Dorscht on How fast is a Tesla Mommy Mobile? at 15:57
Andrew Magerman on OneCore to rule them all: How Windows Everywhere finally happened at 11:25
Nick Daisley on The man who answered the call to save BlackBerry at 09:35
Volker Weber on Connecting the dots at 20:28
Johannes Matzke on Connecting the dots at 18:35
Volker Weber on Connecting the dots at 16:40
Andy Mell on Connecting the dots at 16:32
Detlev Pöttgen on Connecting the dots at 13:10
Ingo Seifert on Connecting the dots at 11:48
Dragon Cotterill on The man who answered the call to save BlackBerry at 10:48
Volker Weber on The man who answered the call to save BlackBerry at 09:24
Patrick Kwinten on The man who answered the call to save BlackBerry at 09:21
Christian Just on Google has won at 08:19
Volker Weber on Google has won at 07:55
Hubert Stettner on Google has won at 07:52
Richard Kaufmann on Pebble is not folding its tent at 00:08
Richard Kaufmann on She just passed a thousand likes at 23:30
Richard Kaufmann on Pebble is not folding its tent at 23:24

Ceci n'est pas un blog

I explain difficult concepts in simple ways. For free, and for money. Clue procurement and bullshit detection.

vowe

Contact
Publications
Amazon Wish List
Frequently Asked Questions

rss feed  twitter ello  instagram

snapchat

Local time is 08:26

visitors.gif