IBM uses self signed SSL certificates?

by Volker Weber

ibmselfsigned

Start using Firefox 3 and you get new insights.


Comments

openssl s_client -connect www-949.ibm.com:443

Tells me the same :-)

Sascha Reissner, 2008-06-18 12:29

FF2 tells you the same thing. Using self signed certs in and of itself is not necessarily a bad thing. Is this a customer facing site?

Kerr Rainey, 2008-06-18 13:18

I thought that Mozilla and Opera and Microsoft agreed on the color scheme for certificate errors so users would have the same notification.

Does it turn red if you continue after the warning?

Flemming Riis, 2008-06-18 15:31

There is no need to use Firefox 3 to get this not always helpful message. The major problem is that hardly anybody sees and uses the offered hotspot "exception"! That is the same situation with IE or Opera...
And that is why companies like Verisign and Thawte have a rather simple and very successful business model: They just sell the evidence of conformity with certificates stored in browser software.

Claus Bäumler, 2008-06-18 16:16

@Claus: You're correct. In fact, the dialog is technically incorrect - a certificate is not "invalid" simply because it is self-signed. This message is needlessly alarmist.

David Richardson, 2008-06-18 21:08

@David,
it's properly considered invalid, because the connection may have been infiltrated by a man-in-the-middle attack.

Only if you were able to verify the authenticity would it even provide the higher level of integrity over an official certificate.

Roland Leißl, 2008-06-18 21:35

I agree with David - that the connection may have been infiltrated does not mean that the certificate is invalid. It's good that FF shows its suspicion, but to say the certificate is invalid is just not correct.

Martin Hiegl, 2008-06-18 22:02

From a client perspective, the trustworthiness of certificates relies solely on some bunch of chaining mumbo-jumbo. As roots of some authorities are stored on your system already, only these are considered valid, and so their descendants.

Unlike self-signed certs. They are considered invalid, because no reference is found, unless added to the trust-store manually. This dialog-phrase sure makes sense to users.

Much more important to me: I Heart the new look!

Roland Leißl, 2008-06-18 22:45
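
The distinction argued over in the comments, as an added example that is not part of the original post or of any comment: a freshly generated self-signed certificate fails the chain check only because no trust anchor exists for it, passes once it is supplied as a trust anchor, and can be pinned by a fingerprint obtained out of band. The subject name demo.example.test, the file names and the function names are constructed for this example.

```shell
#!/bin/sh
# Added example. The subject name and file names are constructed.

# Create a throwaway self-signed certificate; prints the temp directory.
make_selfsigned() {
    dir=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=demo.example.test" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" >/dev/null 2>&1 || return 1
    printf '%s\n' "$dir"
}

# Self-signed: subject equals issuer and the signature checks out under its own key.
is_selfsigned() {
    subj=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^[a-z]*= *//')
    iss=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/^[a-z]*= *//')
    [ -n "$subj" ] && [ "$subj" = "$iss" ] && trusted_with_anchor "$1" "$1"
}

# Chain check against the system default trust store only.
trusted_by_default() {
    openssl verify "$1" >/dev/null 2>&1
}

# Chain check with the file $2 supplied as an explicit trust anchor.
trusted_with_anchor() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# SHA-256 fingerprint, for comparison with a value obtained out of band.
fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# True when the certificate's fingerprint equals the pinned value $2.
matches_pin() {
    [ "$(fingerprint "$1")" = "$2" ]
}

demo() {
    d=$(make_selfsigned) || { echo "openssl failed" >&2; return 1; }
    c="$d/cert.pem"
    is_selfsigned "$c" && echo "self-signed: yes"
    trusted_by_default "$c" || echo "default trust store: rejected"
    trusted_with_anchor "$c" "$c" && echo "explicit trust anchor: accepted"
    matches_pin "$c" "$(fingerprint "$c")" && echo "pinned fingerprint: match"
    rm -rf "$d"
}
demo
```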

vowe.net is a personal website published by Volker Weber a.k.a. vowe. I am an author, consultant and systems architect based in Darmstadt, Germany.
