New^W NOT in Kestrel #5: As many certificate warnings (if you don't want them)
Friday, 21. December 2007, 16:01:34
As I explained in "NOT in Kestrel #4", the certificate is the passport of the website. What was not significatly mentioned in that article is that if there is any non-fatal problem with the verification of the certificate, or with other related information, Opera (and other clients) will display
a certificate warning.
Problems that cause certificate warnings to be displayed can for example be:
These warnings are displayed the first time in a session that you connect to a given server, and would not be displayed again for the rest of the session if the user accepted the certificate.
This has (understandably) caused some irritation when a user is frequently visiting a site causing such warnings to be displayed, and there has been frequent requests to be able to accept such certificates more permanently.
I have been, and still am, skeptical to such an ability, because I think a serious and secure website should not trigger security warnings.
I have, however, decided to meet the requests halfway. In Opera 9.50 it is now possible from the security panel of the certificate warning to "permanently" accept a certificate for the given SSL/TLS server (and port). Although accepted by the user, Opera will (same as before) not display a padlock for these sites because Opera has not been able to properly establish the server's credentials.
The acceptance isn't, however, quite "permanent" (therefore the quotes). A certificate that has not expired will be accepted until it expires (at which time the webmaster SHOULD replace it), and for periods of 90 days at a time after expiration.
Enjoy, but use with caution.
Seasons Greetings! See you in the new year.
a certificate warning.
Problems that cause certificate warnings to be displayed can for example be:
- The certificate issuer is unknown (and it is not possible to discover a link to a known Root).
- The certificate is expired
- The name of the server does not match any of the servers named in the
certificate.
- Weak encryption keys (now only public keys)
These warnings are displayed the first time in a session that you connect to a given server, and would not be displayed again for the rest of the session if the user accepted the certificate.
This has (understandably) caused some irritation when a user is frequently visiting a site causing such warnings to be displayed, and there has been frequent requests to be able to accept such certificates more permanently.
I have been, and still am, skeptical to such an ability, because I think a serious and secure website should not trigger security warnings.
I have, however, decided to meet the requests halfway. In Opera 9.50 it is now possible from the security panel of the certificate warning to "permanently" accept a certificate for the given SSL/TLS server (and port). Although accepted by the user, Opera will (same as before) not display a padlock for these sites because Opera has not been able to properly establish the server's credentials.
The acceptance isn't, however, quite "permanent" (therefore the quotes). A certificate that has not expired will be accepted until it expires (at which time the webmaster SHOULD replace it), and for periods of 90 days at a time after expiration.
Enjoy, but use with caution.
Seasons Greetings! See you in the new year.
WIDGETIZE
d.i.z. # 22. December 2007, 15:40
Now Opera does not ask to accept certificate as expected, but in Security panel it says:
Shouldn't the last sentance say "You have asked NOT to be warned...". Or this is something different?
As checkbox is not re-selected by Opera, I assume this message should give me information about current "ignore warning" status.
NoteMe # 22. December 2007, 18:40
https://list.opera.com/mailman/listinfo
And if I accept it anyway, I can't say that I see it anywhere under "manage certificates". Can anyone confirm?
Opera 9.5 1729
- ØØ -