On 3/9/2017 2:44 AM, Simon Charles wrote:
Hi
I would love to try SeaMonkey, but I can't download it!
I am a long-term Mozilla user trying to download it from
http://www.seamonkey-project.org/releases - using Firefox on Windows 7.
Frustratingly, I just get the following 'insecure connection' warning
(with no obvious option for circumventing it):
-----------------------------------
Your connection is not secure
The owner of download.cdn.mozilla.net has configured their website
improperly. To protect your information from being stolen, Firefox has
not connected to this website.
This site uses HTTP Strict Transport Security (HSTS) to specify that
Firefox may only connect to it securely. As a result, it is not possible
to add an exception for this certificate.
Learn more...
[BUTTON] Go back [BUTTON] Open Login Page
[BUTTON]Advanced
-----------------------------------
which gives the impression that Firefox doesn't want you to download
SeaMonkey, that one part of Mozilla is not a good fit with another part.
The advice given in the Windows Installation Instructions on
http://www.seamonkey-project.org/doc/install-and-uninstall (text below)
is no help if there is no advice on getting beyond the warning page.
-----------------------------------
Note: Windows may warn you that it could not verify the publisher when
you try to run the installer. This is because the SeaMonkey installer
for Windows is not digitally signed. As long as you downloaded the
installer from either www.seamonkey-project.org or mozilla.org, you can
safely ignore it (more experienced users may use the checksums linked to
from the download pages to verify the integrity of the installer).
-----------------------------------
Looking forward to trying SeaMonkey - and seeing an update on the
Documentation so that other people don't get put off and abandon trying
to download it (as I nearly have been).
Thanks
SC
How did you get a secure page when that site is NOT https? In the
address bar just remove the "s" from "https" and you will be fine.
I can easily get the same error you got if I stick an "s" on the end of
"http" . Here's why:
"www.seamonkey-project.org uses an invalid security certificate. The
certificate is only valid for the following names:
static-san.mozilla.org, addons.mozilla.com,
autoconfig-live.mozillamessaging.com, autoconfig.thunderbird.net,
broker-live.mozillamessaging.com, live.mozillamessaging.com,
live.thunderbird.net, nightly.mozilla.org, getfirefox.com,
www.getfirefox.com, opensearch-live.mozillamessaging.com,
dnt.mozilla.org, support.live.mozillamessaging.com, firefox.com,
www.firefox.com, apps.mozillalabs.com, webmaker.mozillalabs.com,
support.mozillamessaging.com, heatmap.mozillalabs.com,
videos-cdn.mozilla.net, videos.mozilla.org, planet.mozilla.org,
publicsuffix.org, www.publicsuffix.org, static.mozilla.com, mozilla.com,
www.mozilla.com, activations.mozilla.com, activations.mozilla.org,
firefoxflicks.com, www.firefoxflicks.com, aurora.mozilla.org,
beta.mozilla.org, pontoon.mozillalabs.com, sso.mozilla.com,
openstandard.org, openstandard.com, theopenstandard.net,
www.openstandard.org, www.openstandard.com, www.theopenstandard.net,
contribute.mozilla.org, www.bugzilla.org, bugzilla.org,
firefoxflicks.org, www.firefoxflicks.org, friends.mozilla.org,
content.mozilla.org, tlscanary.mozilla.org, trackertest.org,
itisatracker.org, itisatracker.com, product-details.mozilla.org,
careers.mozilla.com, forums.mozilla.org, bzr.mozilla.org,
join.mozilla.org, thehub.mozilla.com, git.mozilla.org,
affiliates.mozilla.org, openstandard.mozilla.org, contributejson.org,
input.mozilla.org, input.mozilla.com, masterfirefoxos.mozilla.org,
moztrap.mozilla.org, designlanguage.mozilla.org, oneanddone.mozilla.org,
mobilepartners.mozilla.org, leandatapractices.org,
leandatapractices.com, mozilla.org.uk, ask.mozilla.org,
www-archive.mozilla.org, website-archive.mozilla.org"
As you can see, the SeaMonkey site is NOT on the above list and that's
because it doesn't use "https" rather "http". Plus, on Fx 45.8 ESR, I
can add an exception. Even for the Mozilla sites listed above none are
Strict Transport and they better never be as that is just puffed up
nonsense. HTTPS where an exception can be added is sufficient but
SeaMonkey is not even using that. SeaMonkey retains COMMON SENSE
because the entire web does NOT need to be behind HTTPS and especially
NOT behind HSTS which means I can't go to sites that have HSTS certs and
have them issued by Comodo or Go Daddy as I have my browsers set to warn
me about any site using a cert from either of those "authorities" and
then I decide if I want to make an exception or just not visit the site.
HSTS doesn't let one make exceptions and that just further cripples
the user who wishes to reserve their own judgement about sites using
certs from certain so called authorities. HSTS is just another way of
limiting the user and Mozilla has been going down that path for years
now with each Fx version being more and more rigid and restrictive
(might as well just merge with Chrome browser). SeaMonkey is not doing
this to its users so it is symbolically fitting that it uses simple
"http" for its site.
_______________________________________________
support-seamonkey mailing list
[email protected]
https://lists.mozilla.org/listinfo/support-seamonkey
