Re: [Savannah-users] CAcert.org https certificates

[Křištof Želechovski]

Dnia wtorek, 16 września 2008 o 19:49:33 Sylvain Beucler napisał(a):
> 
> We've switched to CAcert.org https certificates instead of the previously
> self-signed certificated. CAcert.org offers an alternative way to deliver
> https certificates based on a web of trust - and their software is GPL'd. More
> information at http://savannah.gnu.org/tls/
> 
> 

TL;DR: Please have your certificate signed with StartSSL root [3] too.  The 
certificate is free, as in beer, and it works well with Mozilla Firefox.  In 
short, it certifies that the owner of the certificate could be reached as 
address@hidden at the time when the certificate was issued.  Getting another 
signature does not invalidate the one you already have.

I tired to report a bug against libcdio today.  I am on openSUSE 11.4 and the 
default browser is Mozilla Firefox, so the hyperlink opened in Mozilla Firefox. 
 
I logged in and I was greeted by the repelling message 
"sec_error_untrusted_issuer" from Firefox similar to the one you describe [2].  
I chose not to import the certificate because I believe the Mozilla Foundation 
has good reasons for not including the CACert by default.

That certificate is not recognised by Firefox, pending audit.  
The audit process is stalled [4] and the perspectives of success in near future 
are grim.

BTW, thank you for publishing a detailed introduction to handling your 
certificate [5], there is no need to quote that if you choose to answer.  For 
the time being, I guess using GNU IceCat would be the best solution for talking 
to you.

Best regards,
Chris
___
[1] <URL: http://savannah.gnu.org/account/login.php?uri=%2Fprojects%2Flibcdio >
[2] <URL: http://savannah.gnu.org/tls/tutorial/1-untrusted.png >
[3] <URL: https://bugzilla.mozilla.org/show_bug.cgi?id=215243#c180 >
[4] <URL: http://wiki.cacert.org/InclusionStatus >
[5] <URL: http://savannah.gnu.org/tls/tutorial/ >