On 1/26/2014 12:06 AM, Christian Riechers wrote:
On 01/26/2014 03:18 AM, Desiree wrote:
Both SeaMonkey 2.23 and Fx 24.2.0 refuse to connect to a NONsecure site
claiming the site is https and claiming invalid cert. Both browsers
refuse to let me look at the cert and make a security exception if I
wish. (I should not need to make any exception because the site is not
secure in the first place but Fx and SM think it is). The site is
http://www.tvfool.com. I can use both IE 10 and Opera 12.15 with no
problems at the site and no matter which pages I access at the site
neither IE or Opera claim the page is a secure one.
So, why does SM think the site is https? Secondly, why is SM (and Fx)
not allowing me to examine the cert? (If this was a secure site,
probably the cert might be from an authority that I list in my browsers
as "untrusted" because I want to make an individual decision (after
being notified which authority the site is using and examining the cert)
for any sites using certs from certain authorities.
Also, on sites that are secure, where the certifying authority is listed
by me in SeaMonkey (and Fx) as "untrusted", and I make an exception and
click the box to make the exception permanent, why is that never
remembered? It used to be remembered if I checked the box to make the
exception permanent for a specific site. IE and Opera have no
difficulty remembering exceptions so what happened recently to Fx and SM
to make them unable to remember permanent exceptions made by the user?
http://i.imgur.com/DmXmtl5.png
I am trying to go to this specific page (which SM and Fx mistakenly
think is a secure page but is not):
http://www.tvfool.com/index.php?option=com_wrapper&Itemid=29
Note (on the above screen shot) the lack of any way to make a security
exception for this "supposed" secure page.
It works fine here with FF. Even though the site isn't a https site,
there probably is some content sent encrypted. The browser requests a
certificate for www.tvfool.com. The actual certificate is:
*.tvfool.com
issuer
Go Daddy Secure Certification Authority
which is issued by
Go Daddy Class 2 CA
You don't see this normally, because it's all happening in the
background. But an add-on like Certificate Patrol makes it visible to
the user, and allows access to all stored server certificates.
I guess the reason for not being prompted for the exception is because
the site isn't https in the first place.
The reason for getting the error is possibly a corrupted certificate
store of your SM installation.
I tried again on Fx 24.2.0 ESR and this time it gave me the alert again
for untrusted cert but this time it also gave me the ability to add an
exception. SeaMonkey though still says the cert is untrusted and
refuses to give me the ability to add an exception.
I see now the cert is from GoDaddy. I have GoDaddy as untrusted in all
my browsers certificate managers. It's a rather sleazy cert authority
with a great of number certs issued to known malware sites. So, I want
my browsers to alert when I try to go to any site using GoDaddy cert. I
can then make a decision to not go to the site, make a one time
exception, or a permanent exception. I didn't know what cert authority
was involved because neither browser would let me see that information
earlier. Now Fx lets me see it but SeaMonkey does not.
IE and Opera do not need https anywhere on the site. I think Fx and
SeaMonkey encrypt it for a good reason actually and IE and Opera should
also. The encrypted page has you enter your exact address. That should
be transmitted encrypted for privacy reasons.
_______________________________________________
support-seamonkey mailing list
[email protected]
https://lists.mozilla.org/listinfo/support-seamonkey
