dev@glassfish.java.net

Re: Firefox 3, self-signed certificates and GlassFish v3 Prelude ...

From: Kedar Mhaswade <Kedar.Mhaswade_at_Sun.COM>
Date: Sat, 23 Aug 2008 21:57:52 -0700

To add to this, a certificate signed by http://cacert.org is also
treated as a certificate signed by an "unknown" issuer!

I thought cacert.org was a reliable issuing authority.

- Kedar

Kedar Mhaswade wrote:
> It is difficult to take sides in the debate over how Ff3 handles
> self-signed certificates.
>
> See: http://royal.pingdom.com/?p=339
>
> The bottom line is the default certificate (aliased "s1as") that
> GlassFish v3 Prelude server sends to the browser (upon being contacted
> on a secure http port) looks "ugly" in Firefox 3 and IE-7.
> Inexperienced users are going to be confused because of that. And
> there's nothing we can do about it.
>
> I am in the process of checking in a new self-signed certificate that
> removes something like "lauterbie.sfbay.sun.com" from its DN and cleans
> it up. Is there anything I can do to improve the situation?
>
> Note -- it's not really about security. Knowledgeable admins will
> take care of installing the correct certificate. It's the question of
> usability, especially with developers, that I want to know your
> opinions about.
>
> Thanks,
> Kedar
>
> PS - There is yet another issue in that all default domains installed
> by all the users who install GF v3 Prelude (e.g. web.zip) will have
> exactly the same default server certificate, because of the way it is
> currently set up. I hope it is not a security breach for a developer
> product. Frankly, generating a certificate anew is not user friendly.
>
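
Added example (not part of the original messages, and not GlassFish code): the PS describes every default install presenting the same server certificate, and a key pair bundled with a download is known to everyone who has that download. One way to find such hosts is to group the certificates they present by SHA-256 fingerprint. The host names and the stand-in certificate bytes below are constructed for illustration.

```python
import base64
import hashlib
import re
from collections import defaultdict

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def fingerprint(pem: str) -> str:
    """SHA-256 over the DER bytes of the first certificate in a PEM string."""
    match = PEM_RE.search(pem)
    if match is None:
        raise ValueError("no PEM certificate block found")
    # Strip all whitespace (LF or CRLF line endings) before decoding.
    der = base64.b64decode("".join(match.group(1).split()), validate=True)
    return hashlib.sha256(der).hexdigest()


def shared_certificates(observed: dict) -> dict:
    """Map fingerprint -> sorted hosts, only for certificates seen on 2+ hosts."""
    groups = defaultdict(list)
    for host, pem in observed.items():
        groups[fingerprint(pem)].append(host)
    return {fp: sorted(hosts) for fp, hosts in groups.items() if len(hosts) > 1}


def _pem(der: bytes) -> str:
    # Helper for the constructed sample: PEM armour with 64-column lines.
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


# Constructed sample: stand-in bytes, not real X.509 certificates.
DEFAULT_CERT = _pem(b"constructed stand-in for the bundled default cert" * 4)
OWN_CERT = _pem(b"constructed stand-in for a per-host generated cert" * 4)
OBSERVED = {
    "dev-a.example": DEFAULT_CERT,
    "dev-b.example": DEFAULT_CERT.replace("\n", "\r\n"),  # same cert, CRLF copy
    "prod.example": OWN_CERT,
}

if __name__ == "__main__":
    for fp, hosts in shared_certificates(OBSERVED).items():
        print(fp[:16], hosts)
```

For live hosts, `ssl.get_server_certificate((host, port))` from the Python standard library returns the PEM string to put in `OBSERVED`.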