Robert Relyea wrote: > > > This is operating exactly as planned. both Firefox 2 and Firefox 3 > have rejected the certificate as bad since the certificate is > inherently untrusted. Firefox 2 rejects the certificate in a way that > many users doe not recognize 'rejecting the certificate'. We have > fixed this problem in Firefox 3. Bob, expect to receive lots of such mail messages in the near future as FF3 will be released... > I would say that Firefox 3's new UI is a resounding success as it > properly identified your certificate as broken in a way that you would > recognize. ...and also expect that there will be many disgruntled admins who used self-signed certificates up to now. It will take a while until this "success" will be accepted in a natural way. In the long run however I believe that the PKI trust model will gain in strength as it never did in the past. > > If you need a server that other users need to trust, talk to Eddie;). > He can issue you server certs for a nominal fee, even free in some cases. Allow me to state for the ones who will browse the mailing lists for clues about this error (and many other new and related messages like SEC_ERROR_BAD_SIGNATURE), that basic Class 1 domain validated server certificates are issued for free at http://www.startssl.com/ and more advanced ones after successful Class 2 identity validation (and organization validation). Fees apply only for the validations performed and no fees are charged for the certificate(s) themselves. Basically one isn't limited on the amount of certificates one can create (some restrictions apply). Hope this helps!
-- Regards Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org> Jabber: [EMAIL PROTECTED] <xmpp:[EMAIL PROTECTED]> Blog: Join the Revolution! <http://blog.startcom.org> Phone: +1.213.341.0390 _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
