Page 1 of 1

Security certificate

Posted: Sun 10. Jul 2011, 17:12
by chigozie
Notification emails send me to the https version of the site:
...
If you want to view the post, click the following link:
xxxxx

If you want to view the topic, click the following link:
xxxxx
...
But firefox complains:
legamus.eu uses an invalid security certificate.

The certificate is not trusted because it is self-signed.
The certificate is only valid for web.tuxfamily.net

(Error code: sec_error_untrusted_issuer)

Re: Security certificate

Posted: Mon 11. Jul 2011, 01:27
by Viktor
Unfortunately, there is not much I can do about this.

Tuxfamily is our hoster. Their web server runs lots of web sites all on the same port 443 for HTTPS. Due to the limited architecture of HTTPS in its current version, that means that all those sites must share the same certificate. Thus, its name is just "web.tuxfamily.org".

Browsers, especially Firefox, do overreact with their warnings. Through the last years, those message have become worse. So, we can only choose between:
* only using HTTP links, thus forgetting all the security benefits HTTPS has (after the user tells his browser: accept it, Tuxfamily is our friend)
* seeing those warnings.

I suggest to educate our regular users as well as all administrators to trust the web.tuxfamily.org certificate and to use HTTPS, and to hide HTTPS links from other users.

Could you forward me the message you got? My e-mail address should be accessible in my profile.