dev@glassfish.java.net

Firefox 3, self-signed certificates and GlassFish v3 Prelude ...

From: Kedar Mhaswade <Kedar.Mhaswade_at_Sun.COM>
Date: Sat, 23 Aug 2008 21:34:37 -0700

It is difficult to take sides in the debate over how Ff3 handles
the self-signed certificates.

See: http://royal.pingdom.com/?p=339

The bottom line is that the default certificate (aliased "s1as") that
the GlassFish v3 Prelude server sends to the browser (upon being contacted
on a secure http port) looks "ugly" in Firefox 3 and IE-7. Inexperienced
users are going to be confused because of that. And there's nothing we
can do about it.

I am in the process of checking in a new self-signed certificate that
removes something like "lauterbie.sfbay.sun.com" from its DN and cleans
it up. Is there anything I can do to improve the situation?

Note -- it's not really about security. Knowledgeable admins will
take care of installing a correct certificate. It's the question of
usability, especially with developers, that I want to know your
opinions about.

Thanks,
Kedar

PS - There is yet another issue in that all default domains installed
by all the users who install GF v3 Prelude (e.g. web.zip) will have
exactly the same default server certificate, because of the way it is currently
set up. I hope it is not a security breach for a developer product. Frankly,
generating a certificate anew is not user friendly.
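The PS above raises the concrete check a practitioner would want: are two GlassFish v3 Prelude domains serving the same "s1as" key pair (in which case anyone who has the distribution also has the private key of every default domain), and how does one replace it? The script below is an added example; it is not part of this message or of the GlassFish distribution. It assumes a domain layout of <domain>/config/keystore.jks, the key alias "s1as", the default store password "changeit" and a JDK keytool on PATH. The sample keytool output and the fingerprints in it are constructed for illustration, and the DN used when regenerating is a placeholder.

```shell
#!/bin/sh
# Added example, not from the message above or from the GlassFish project.
# Assumptions (labelled as such): a domain directory containing
# <domain>/config/keystore.jks, the key-pair alias "s1as", the default
# master/store password "changeit", and a JDK keytool on PATH. Adjust the
# three variables below for a real installation.

KS_PASS="${KS_PASS:-changeit}"
ALIAS="${ALIAS:-s1as}"

# Constructed sample of `keytool -list` output, used only so that the parsing
# below can be exercised without a JDK. The fingerprint is made up.
sample_list_output() {
    printf '%s\n' \
        'Keystore type: JKS' \
        'Keystore provider: SUN' \
        '' \
        's1as, Aug 23, 2008, PrivateKeyEntry,' \
        'Certificate fingerprint (SHA1): AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01'
}

# Pull the first SHA-1 or SHA-256 fingerprint out of keytool output on stdin.
# Handles both "Certificate fingerprint (SHA1): ..." and the "-v" form "SHA1: ...".
fingerprint_from_list() {
    sed -n 's/.*SHA[-0-9]*)*: *\([0-9A-Fa-f:]\{59,\}\).*/\1/p' | head -n 1
}

# Fingerprint of $ALIAS in one domain's keystore (needs keytool).
domain_fingerprint() {   # $1 = domain directory
    keytool -list -keystore "$1/config/keystore.jks" -storepass "$KS_PASS" \
        -alias "$ALIAS" 2>/dev/null | fingerprint_from_list
}

# Succeeds (0) only if every argument differs from every other one, i.e. no
# two installations are serving the same certificate.
all_distinct() {
    if printf '%s\n' "$@" | sort | uniq -d | grep -q .; then
        return 1
    fi
    return 0
}

# Replace the shipped key pair with a fresh one for this host. Run with the
# domain stopped. The DN is a placeholder; the key password is set equal to
# the store password because that is what the server is assumed to expect.
regenerate_s1as() {   # $1 = domain directory, $2 = host name for the CN
    ks="$1/config/keystore.jks"
    keytool -delete -alias "$ALIAS" -keystore "$ks" -storepass "$KS_PASS" &&
    keytool -genkeypair -alias "$ALIAS" -keyalg RSA -keysize 2048 -validity 365 \
        -dname "CN=$2,OU=GlassFish,O=Example,C=US" \
        -keystore "$ks" -storepass "$KS_PASS" -keypass "$KS_PASS"
}

# Usage: sh s1as_check.sh /path/to/domain1 [/path/to/domain2 ...]
# Prints each domain's fingerprint and warns when two installs share a key.
if [ "$#" -gt 0 ]; then
    fps=""
    for d in "$@"; do
        fp=$(domain_fingerprint "$d")
        echo "$d: ${fp:-<no $ALIAS entry or keytool failed>}"
        fps="$fps $fp"
    done
    # word splitting of $fps is intended: one fingerprint per argument
    if all_distinct $fps; then
        echo "all $ALIAS certificates differ"
    else
        echo "WARNING: at least two domains serve the same $ALIAS certificate"
    fi
fi
```

Point the script at two or more domain directories (for example the default domain of two separate unpacked copies of the distribution) and it reports whether they present the same "s1as" certificate; a match means the same private key as well, so a regenerated key pair, not just a cleaned-up DN, is what separates the installations. `regenerate_s1as` is destructive: it deletes the existing entry first, so take a copy of keystore.jks before running it.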