Security certificate

Post Reply
chigozie
Posts: 8
Joined: Fri 8. Jul 2011, 18:29

Security certificate

Post by chigozie » Sun 10. Jul 2011, 17:12

Notification emails send me to the https version of the site:
...
If you want to view the post, click the following link:
xxxxx

If you want to view the topic, click the following link:
xxxxx
...
But firefox complains:
legamus.eu uses an invalid security certificate.

The certificate is not trusted because it is self-signed.
The certificate is only valid for web.tuxfamily.net

(Error code: sec_error_untrusted_issuer)
Chigozie
-------------
"Outside of a dog, a book is [person]'s best friend. Inside of a dog, [an audio book is]." -- Groucho Marx

User avatar
Viktor
Posts: 521
Joined: Mon 4. Jul 2005, 01:24
Location: France

Re: Security certificate

Post by Viktor » Mon 11. Jul 2011, 01:27

Unfortunately, there is not much I can do about this.

Tuxfamily is our hoster. Their web server runs lots of web sites all on the same port 443 for HTTPS. Due to the limited architecture of HTTPS in its current version, that means that all those sites must share the same certificate. Thus, its name is just "web.tuxfamily.org".

Browsers, especially Firefox, do overreact with their warnings. Through the last years, those message have become worse. So, we can only choose between:
* only using HTTP links, thus forgetting all the security benefits HTTPS has (after the user tells his browser: accept it, Tuxfamily is our friend)
* seeing those warnings.

I suggest to educate our regular users as well as all administrators to trust the web.tuxfamily.org certificate and to use HTTPS, and to hide HTTPS links from other users.

Could you forward me the message you got? My e-mail address should be accessible in my profile.

Post Reply