Microsoft deems all DigiNotar certificates untrustworthy, releases

David Israel davei at
Tue Sep 13 14:54:25 UTC 2011

On 9/13/2011 10:29 AM, Tei wrote:
> *a random php programmer shows*
> He, I just want to self-sign my CERT's and remove the ugly warning that
> browsers shows. I don't want to pay 1000$ a year, or 1$ a year for that. I
> just don't want to use cleartext for internet data transfer.  HTTP is like
> telnet, and HTTPS is like ssh. But with ssh is just can connect, with
> browsers theres this ugly warning and "fuck you, self-signed certificate"
> from the browsers.  Please make the pain stop!.

With ssh, you will get a warning if the remote host key is not known, 
with a fingerprint and advice not to accept it if you don't know if it 
is correct.  This is a direct analog to the warning that the remote 
host's certificate cannot be verified.  In both cases, you are given the 
chance to accept the key/certificate and continue going; depending on 
the implementation, you might also be given the option to accept it once 
or forever.  Ssh is actually prone to bigger, uglier, more explicit "you 
probably don't want to trust this" warnings, especially about things 
like key changes.

More information about the NANOG mailing list