Christophe Thiaux wrote:
I can't connect to an SSL server with Firefox 3: it displays SEC_ERROR_BAD_SIGNATURE. But if I'm connecting with Firefox 2 and accept the certificate definitely, then the connection with Firefox 3 works.
My certificate is a self-signed certificate.
Are there other people who are using such certificates?
Ah... So in Firefox 2 you get a dialog that warns you the certificate is bad? In Firefox 3 it prevents you from connecting?

This is operating exactly as planned. Both Firefox 2 and Firefox 3 have rejected the certificate as bad since the certificate is inherently untrusted. Firefox 2 rejects the certificate in a way that many users do not recognize as 'rejecting the certificate'. We have fixed this problem in Firefox 3.

In general, self-signed certificates are bad crypto hygiene. They are basically only useful for a private user connecting to their own webserver for testing. Firefox 3 does provide a way to eventually trust *just that certificate*, but it's not obvious to users. I would say that Firefox 3's new UI is a resounding success as it properly identified your certificate as broken in a way that you would recognize.

If you are running a corporate server, you should create a corporate CA. All your users should trust that CA. Then you can issue SSL server certs to your heart's content for those users.

If you need a server that other users need to trust, talk to Eddie ;). He can issue you server certs for a nominal fee, even free in some cases.


bob
TIA



_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
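
The corporate-CA route suggested in the reply above, sketched with the `openssl` command line as an added example (not part of the original message or of any Mozilla code). The organization name, host name, file layout and function names are constructed placeholders, and OpenSSL 1.1.1 or later is assumed.

```shell
# Added example; Example Corp and intranet.example.test are constructed names.
set -eu
# Create the corporate root CA: the one certificate every user imports as trusted.
make_ca() {  # $1 = working directory
  cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
O = Example Corp
CN = Example Corp Internal CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  openssl req -x509 -config "$1/ca.cnf" -newkey rsa:2048 -nodes -sha256 \
    -days 3650 -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}
# Issue a server certificate for host $2, signed by the CA in directory $1.
issue_server_cert() {
  printf '%s\n' 'basicConstraints = CA:FALSE' \
    'keyUsage = critical,digitalSignature,keyEncipherment' \
    'extendedKeyUsage = serverAuth' "subjectAltName = DNS:$2" > "$1/$2.ext"
  openssl req -new -config "$1/ca.cnf" -subj "/CN=$2" -newkey rsa:2048 -nodes \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
  openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -sha256 -days 365 -extfile "$1/$2.ext" \
    -out "$1/$2.crt" 2>/dev/null
}
# Succeeds only if cert $3 chains to the CA in $1 and is valid for host $2.
verify_for_host() {
  openssl verify -CAfile "$1/ca.crt" -purpose sslserver \
    -verify_hostname "$2" "$3" >/dev/null 2>&1
}
# Self-signed certificate for host $2, for comparison: no CA stands behind it.
make_self_signed() {
  openssl req -x509 -config "$1/ca.cnf" -subj "/CN=$2" -newkey rsa:2048 \
    -nodes -sha256 -days 365 -keyout "$1/ss.key" -out "$1/ss.crt" 2>/dev/null
}
# Run with the argument "demo" to see both outcomes.
if [ "${1:-}" = demo ]; then
  d=$(mktemp -d); h=intranet.example.test; make_ca "$d"; issue_server_cert "$d" "$h"
  verify_for_host "$d" "$h" "$d/$h.crt" && echo "CA-issued: accepted"
  make_self_signed "$d" "$h"
  verify_for_host "$d" "$h" "$d/ss.crt" || echo "self-signed: rejected"
fi
```

Only `ca.crt` is distributed to users; `ca.key` stays offline or on a restricted host, since anyone holding it can issue certificates those users will accept.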
