> Firefox reports:
>> "bugs.clamav.net uses an invalid security certificate. The certificate is
>> only valid for bugzilla.clamav.net Error code: SSL_ERROR_BAD_CERT_DOMAIN"

>> You can bypass the warning if desired.

(FWIW, Chrome also allows this)

Benny Pedersen wrote:
> worst advise you ever have giving here

I think he meant that Firefox offers to allow you to continue past the
warning (some warnings in SSL land are fatal) --
Speaking as someone who was involved in this error message.

Usability and Security are always tradeoffs. If a product is too
hard/painful/cumbersome to use, it doesn't matter if it's the most
secure, people will move away from it.

FWIW, the usual reason not to just drop a domain is inbound links from
the web. If you think there are links for this domain in people's
bookmarks, documentation, printed material, etc, or if you believe
people are likely to guess the domain, then you should keep the domain
and fix the cert (either w/ SNI or SAN).

As for setting up certs, I have faith that the ClamAV folks can fix
them (one of my adventures this week will be doing some certificate
issuing internally, and I'm sure I'll be sending bugs about poor
documentation to a number of vendors...).
clamav-users mailing list

Help us build a comprehensive ClamAV guide:


Reply via email to