Start using Firefox 3 and you get new insights.
openssl s_client -connect www-949.ibm.com:443
Tells me the same :-)
FF2 tells you the same thing. Using self signed certs in and of itself is not necessarily a bad thing. Is this a customer facing site?
i thought that Mozilla and Opera and Microsoft agreed on the color scheme for certificate error so users would have the same noticiation.
does it turn red if you continue after the warning ?
There is no need to use Firefox 3 to get this not always helpful message. The major problem is that hardly anybody sees and uses the offered hotspot "exception" ! That is the same situation with IE or Opera.....
And that is why companies like Verisign and Thawte have a rather simple and very successful business modell: They just sell the evidence of conformity with certificates stored in browser software.
@Claus: You're correct. In fact, the dialog is technically incorrect - a certificate is not "invalid" simply because it is self-signed. This message is needlessly alarmist.
its properly considered invalid, because the connection may have been infiltrated by a man-in-the-middle attack.
Only if you would be able to verify the authenticity, it would even provide the higher level of integrity over an official certificate.
I agree with David - that the connection may have been infiltrated does not mean that the certificate is invalid. It's good that FF show's its suspicion, but to say the certificate is invalid is just not correct.
From a client perspective, the trustworthiness of certificates rely solely on some bunch of chaining mumbo-jumbo. As roots of some authorities are stored on your system already, only these are considered valid, and so their descendants.
Unlike self-signed certs. They are considered invalid, because no reference is found, unless added to the trust-store manually. This dialog-phrase sure makes sense to users.
Much more important to me: I Heart the new look!
Hubert Stett on Lumia 1520 mit Windows Phone 8.1 Preview at 17:08
Daniel Haferkorn on Sonos will drop the need to wire one component at 16:46
Markus Jabs on Sonos will drop the need to wire one component at 16:45
Jens Huber on Lumia 2520 - erste Eindrücke at 15:52
Ingo Seifert on Sonos will drop the need to wire one component at 15:37
Frédéric Dehédin on DJ-Headset wieder schön at 13:50
Volker Weber on Mixed Tape 56 is out at 09:15
Thomas Merchel on Mixed Tape 56 is out at 09:14
Thoimas Notinger on At a Glance at 21:26
Frank Paolino on Trolling LinkedIn at 19:55
John Lindsay on Trolling LinkedIn at 13:42
Sascha Langfus on Lumia 1520 mit Windows Phone 8.1 Preview at 08:54
Philipp Münzel on iCloud on Windows Phone at 03:18
Volker Weber on Lumia 1520 mit Windows Phone 8.1 Preview at 23:21
Harald Reisinger on Lumia 1520 mit Windows Phone 8.1 Preview at 22:54
Sascha Siekmann on Trolling LinkedIn at 20:12
Juergen Eichholz on Trolling LinkedIn at 17:49
Bruce Elgort on Trolling LinkedIn at 17:27
Bill Buchan on Trolling LinkedIn at 17:12
Mike McPoyle on Trolling LinkedIn at 16:55
Volker Weber on Trolling LinkedIn at 16:21
Daniel Haferkorn on Trolling LinkedIn at 13:58
Oliver Regelmann on iCloud on Windows Phone at 13:43
Harald Gaerttner on Belkin QODE Ultimate Keyboard Case for iPad Air at 13:22
Hubert Stettner on Lumia 1520 mit Windows Phone 8.1 Preview at 11:50