Microsoft deems all DigiNotar certificates untrustworthy, releases
davei at otd.com
Tue Sep 13 14:54:25 UTC 2011
On 9/13/2011 10:29 AM, Tei wrote:
> *a random php programmer shows*
> He, I just want to self-sign my CERT's and remove the ugly warning that
> browsers shows. I don't want to pay 1000$ a year, or 1$ a year for that. I
> just don't want to use cleartext for internet data transfer. HTTP is like
> telnet, and HTTPS is like ssh. But with ssh is just can connect, with
> browsers theres this ugly warning and "fuck you, self-signed certificate"
> from the browsers. Please make the pain stop!.
With ssh, you will get a warning if the remote host key is not known,
with a fingerprint and advice not to accept it if you don't know if it
is correct. This is a direct analog to the warning that the remote
host's certificate cannot be verified. In both cases, you are given the
chance to accept the key/certificate and continue going; depending on
the implementation, you might also be given the option to accept it once
or forever. Ssh is actually prone to bigger, uglier, more explicit "you
probably don't want to trust this" warnings, especially about things
like key changes.
More information about the NANOG