Apache doesn't currently distribute any SSL certificates whatsoever. And the only issue with your 'snake oil' certificates is that they are effectively invalid, only demonstrating that the communications are encrypted, but there is no trust provider.
The "Someone in control" would be the administrators of the specific websites you are visiting. Suing Microsoft because users don't replace the IIS default page is as absurd as your suggestion in re. this cert. Just like spam, badly administered web sites are something you simply have to cope with. The serenity prayer might come in handy here. I am forwarding this to the httpd list, just to point out to the httpd authors that, in spite of your silly and overly dramatic message, that this is a perception problem for end users [much like the "It Worked! Apache is successfully installed." message] that should be avoided when Apache 2.0's final SSL components are put in place. Bill ----- Original Message ----- From: "V. Wolfe" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, November 27, 2001 8:20 PM Subject: Please help with this Snake Oil problem > Hello! > I am really getting tired of the Snake Oil certificate > coming > up when I try to visit new sites, or even sites I design. > It's beyond frustrating. I've wasted tons of time trying > to track down contact people - find them - they don't > reply. I am about to set out a lawsuit. > Someone at Apache or the Snakey Oil people need > to reply to me by December first with a solution. > The certificate presents in a ridiculously sneaky mode, > with no options to get beyond it....... > > Please relay this to someone in control of this > situation. > > Thanks. > > V. Wolfe > Seattle > >
