Once upon a time, Kevin Kofler <kevin.kofler@xxxxxxxxx> said: > Most likely it's just a self-signed SSL certificate. Very common, and > Firefox stupidly throws a fit over it (which is dumb because it encourages > sites to just use unencrypted HTTP instead, which is even less secure, yet > gets through with no warning). Just OK the certificate. HTTPS with an unknown self-signed cert is barely any more secure than unencrypted HTTP, since a man-in-the-middle attack could just be replacing the cert and decrypting all communications. However, the reason to "throw a fit" is that end-users have been trained that "HTTPS == secure". They know that HTTP is not secure, but they don't know the details of how SSL/TLS work to know that "HTTPS with unknown cert != secure". -- Chris Adams <cmadams@xxxxxxxxxx> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble. -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
