Ray Kiddy wrote: > When I go to http://planet.mozilla.com, I get an alert saying that a > certificate cannot be verified. It says: > > "Unable to verify the identity of aurora.dynalias.net as a trusted site." <snip> > What, on the page that I am viewing, is triggering this alert?
It's an image in a blog post by Frédéric Wenzel. (I've cc-ed him on tis message.) He has an IMG tag linking to a URL of the form https://fredericiana.com/..., and that URL in turn redirects to the aurora.dynalias.net address that you're seeing. The error is because he's using an SSL certificate from CAcert.org, and their root certificate is not included in Firefox (or any other browser, for that matter). The problem can be fixed a couple of different ways. The easiest way is simply to edit the original blog post on fredericiana.com to use an http URL with the image, not an https URL. However this won't fix the problem in accessing planet.mozilla.org since it's using the copy of the post it already retrieved via the RSS feed. The more thorough fix is to get an SSL certificate from a CA that's recognized by Firefox. Go Daddy is the cheapest I've found; their lowest-cost SSL certificates are $20 per year (less if you sign up for multiple years). > I have no > idea what the effect of refusing the cert would be. It says it would not > "connect to this web site". Which web site? How can I tell which > resource is trying to reach this site? > > How does one even approach this problem in a UI? I do not have > suggestions. It just seems that I am being asked to respond to a > challenge, and I have no idea why I am being asked. So, how can I decide? You've hit upon what IMO is a real usability problem with SSL-enabled web sites: People think of the SSL UI and associated warning dialogs as being driven by the web page being viewed (i.e., the page whose URL is showing up in the location bar), but unfortunately SSL errors can be caused by any of the dozens of images and other content being inserted into the page by means of https URLs. How to handle this in an understandable manner is not IMO a trivial problem. Frank -- Frank Hecker [EMAIL PROTECTED] _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
