IBM uses self signed SSL certificates?
by Volker Weber

Start using Firefox 3 and you get new insights.
Tags: ibm ssl certificate
Comments
openssl s_client -connect www-949.ibm.com:443
Tells me the same :-)
FF2 tells you the same thing. Using self signed certs in and of itself is not necessarily a bad thing. Is this a customer facing site?
I thought that Mozilla and Opera and Microsoft agreed on the color scheme for certificate errors so users would have the same notification.
Does it turn red if you continue after the warning?
There is no need to use Firefox 3 to get this not always helpful message. The major problem is that hardly anybody sees and uses the offered hotspot "exception"! That is the same situation with IE or Opera...
And that is why companies like Verisign and Thawte have a rather simple and very successful business model: They just sell the evidence of conformity with certificates stored in browser software.
@Claus: You're correct. In fact, the dialog is technically incorrect - a certificate is not "invalid" simply because it is self-signed. This message is needlessly alarmist.
@David,
It's properly considered invalid, because the connection may have been infiltrated by a man-in-the-middle attack.
Only if you would be able to verify the authenticity, it would even provide the higher level of integrity over an official certificate.
I agree with David - that the connection may have been infiltrated does not mean that the certificate is invalid. It's good that FF shows its suspicion, but to say the certificate is invalid is just not correct.
From a client perspective, the trustworthiness of certificates relies solely on some bunch of chaining mumbo-jumbo. As roots of some authorities are stored on your system already, only these are considered valid, and so their descendants.
Unlike self-signed certs. They are considered invalid, because no reference is found, unless added to the trust-store manually. This dialog-phrase sure makes sense to users.
Much more important to me: I Heart the new look!
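
The distinction argued over in the comments above can be reproduced locally: a self-signed certificate fails chain validation until it is added to the trust store, and only a fingerprint obtained out of band separates the real server from a same-named impostor. This is an added example, not part of the original post or its comments; the host name `intranet.example.test`, the stand-in root and all function names are constructed for illustration, and it assumes OpenSSL 1.1.0 or later.

```bash
#!/usr/bin/env bash
# Added example: every certificate here is a throwaway generated on the spot.
# Assumes OpenSSL 1.1.0+, where `openssl verify` exits non-zero on failure.

# new_selfsigned OUT.pem CN : create a self-signed certificate (key in OUT.pem.key)
new_selfsigned() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$1.key" -out "$1" 2>/dev/null
}

# Issuer and subject are the same name: no third party vouches for this certificate.
self_issued() {
  [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
    "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# chain_ok CERT STORE.pem : the test behind the browser dialog, i.e. whether
# CERT chains to (or is) a certificate in the given trust store.
chain_ok() { openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; }

# SHA-256 fingerprint, the value an administrator can hand over out of band.
fingerprint() { openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2; }

# Run a check and report its outcome as yes/no.
yn() { if "$@"; then echo yes; else echo no; fi; }

demo() {
  local d; d=$(mktemp -d) || return 1
  new_selfsigned "$d/root.pem"     "Stand-in Public Root"    # plays the built-in store
  new_selfsigned "$d/genuine.pem"  "intranet.example.test"   # the real server
  new_selfsigned "$d/impostor.pem" "intranet.example.test"   # same name, different key
  local pinned; pinned=$(fingerprint "$d/genuine.pem")       # learned out of band
  echo "self_issued=$(yn self_issued "$d/genuine.pem")"
  echo "builtin_store=$(yn chain_ok "$d/genuine.pem" "$d/root.pem")"
  echo "after_exception=$(yn chain_ok "$d/genuine.pem" "$d/genuine.pem")"
  echo "impostor_after_exception=$(yn chain_ok "$d/impostor.pem" "$d/genuine.pem")"
  echo "genuine_matches_pin=$(yn test "$(fingerprint "$d/genuine.pem")" = "$pinned")"
  echo "impostor_matches_pin=$(yn test "$(fingerprint "$d/impostor.pem")" = "$pinned")"
  rm -rf "$d"
}

demo
```

The name alone cannot tell the two `intranet.example.test` certificates apart; the stored exception and the fingerprint comparison can, which is why an exception should only be added after the fingerprint has been checked.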

