Re: Forced HTTPS on web site

Andrew Savchenko, 09.03.2012 15:51:
> On Fri, 09 Mar 2012 15:31:53 +0100 Alexander Kriegisch wrote:
>> Maybe it would be a good idea to either use a commercial
>> certificate or, if that is too expensive, continue using the
>> self-signed one, but only to log in and after you are logged in.
> Commercial certificate is not necessary, CACert certificates are 
> acknowledged by any sane browser and may be obtained for free after 
> registration.

One more comment about this statement, because it surprised me and I
just got around to testing it today. The result is as it always was: no
browser I tested (current release versions of Chrome, FF, Opera, IE)
trusts the CAcert root certificate, every single one shows a warning.
Anything else would have been a surprise to me. Getting automatic trust
on such certificates would be a security nightmare. Even with WOT
notaries it is not much better.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]