Well, for the first time ever I've got a Security Server Popup,
When I click on a link directing to a thread in the Doom9 forum.
I can only access the thread by clicking o.k.:rolleyes:
The very same threads open without this messages when I surf the forum directly.
Some illustrations below:
http://img67.imageshack.us/img67/1938/frontnewsnk2.th.png (http://img67.imageshack.us/my.php?image=frontnewsnk2.png)
http://img505.imageshack.us/img505/5530/securedconnectionyk0.th.png (http://img505.imageshack.us/my.php?image=securedconnectionyk0.png)
http://img505.imageshack.us/img505/1153/securitycertificationqh0.th.png (http://img505.imageshack.us/my.php?image=securitycertificationqh0.png)
http://img67.imageshack.us/img67/522/certificationuc1.th.png (http://img67.imageshack.us/my.php?image=certificationuc1.png)
http://img505.imageshack.us/img505/1395/detailszv0.th.png (http://img505.imageshack.us/my.php?image=detailszv0.png)

And when I hover the mouse pointer over the doom9 url, it sometimes shows doom9.hu.

What's wrong?
I don't want to install a security certificat just for browsing the forum from the frontpage.

Cheers

Taurus

Damn, Imageshack is slow as hell @the moment.....

Don't know about the doom9.hu, might be a mirror of some sort, but if you look in front you'll see that some of the links are using https now. This site's self-generated, rather than signed by Verisign, Thawte, or another root, so the untrusted message comes up. You just have to accept it temporarily or permanently to browse, or change the link back to http.

I could be wrong, but those https links are to attempt at getting bots to ignore them and to save the forum's server for real work
they're only on links to the forum after all

Umm.. since I now use https to connect to the forum(you know.. data retention.. makes it a lot more likely somebody gets his hands on records he has no business seeing), I must've taken the https link.

I'd like to use a "secure" connection too, but...

http://img409.imageshack.us/img409/3730/filedoom9secure2sf6.png

Thanks for the clarification.
@Doom9:I understand your intentions.

Cheers

Taurus

well.. that's what you get with a self signed certificate.. though I was able to talk both IE and firefox into accepting the certificate (even permanently). Then I had to tell firefox to do ssl caching as well so it won't reload all the images all the time.

I guess you need to tinker with the settings of your browser to at least ask you whether you want to continue or not.

I guess you need to tinker with the settings of your browser to at least ask you whether you want to continue or not.

That was the old behavior: Show a warning and let the user decide.
But they recently changed that, so I now see that error page and that's it :(
Guess that's the way it will be in the upcoming Firefox/SeaMonkey release...

maybe I should change my bookmark to https then D:

Mulder, are you able to use page info (or the lock icon) to view and import the certificate?

I might give FF 3 a shot and see how it goes. I don't know why they'd disable self-signed certificates, though, since encryption is more important on non-financial sites than authentication, as far as I'm concerned.

Mulder, are you able to use page info (or the lock icon) to view and import the certificate?

http://img216.imageshack.us/img216/3783/filedoom9secure3rd1.png

Unfortunately I can't. The "View Certificate" button does nothing...

http://www.doom9.org works fine here...

http://www.doom9.org works fine here...

click the links that lead to the forum

All good! They're all http:// as opposed to the https:// which you lot are touting. Plus, thanks to Doom9, I get a sneak peak at the future with tomorrow's news! :D

http://www.doom9.org works fine here...

http://www.doom9.org works of course.
https://www.doom9.org (https://www.doom9.org) does not work ;)

Why would you want secure access to Doom9, or a news site in general, anyway? Only Doom9 needs the secure access since he's the one updating it...

Why not?
If you don't use a secure connection, everybody can read your HTTP Requests as plaintext.
So stealing your login/password or hijacking your session id is piece of cake ...

Thanks to helpful people at the Mozilla Forum, I finally found the way to add an exception ;)

They really did a good job to hide that feature from the user:
Edit -> Preferences -> Privacy & Security-> Certificates -> Manage Certificates... -> Servers -> Add Exception -> "forum.doom9.org" -> Get Certificate -> Confirm Security Exception -> done :)

http://img263.imageshack.us/img263/6481/filedoom9secure4kq4.png

The security info panel might still be in flux. I hope it is if it's currently non-functional! In FF 2 you can view the cert and import it from there. The fun part of using nightlies. =D

I suppose https isn't really important if you're a regular member.. but moderators and admin logins are a lot more valuable.
There's no point in having the news behind https.. (and I'm not uploading via http.. it's ftps), but anywhere where you send credentials over the line, it's better to have it encrypted.