A Mind Lost

Anything and everything.

Firefox – Untrusted Connection

Yesterday I decided it was time to update my information at the Linux Counter (#334357, since 2003… seems like so long ago sometimes).  Anyway, upon trying to log in, Firefox threw up its big “Untrusted Connection” warning.

Screenshot of Firefox warning of an Untrusted Connection.

Rather than bothering to figure out why such a well-known and long lived website was causing Firefox to barf, I just whitelisted the whole domain and continued on my merry way.

This morning I grabbed an old issue of Linux Magazine from September 2006 to peruse during my morning constitutional. Coincidentally enough, it contained an article entitled “CACert : World-class security at the right price” by Tanner Lovelace.  CACert is the SSL certificate provider the Linux Counter uses, and the article included information on how to get Firefox to stop being retarded about CACert certificates.

Head over to CACert’s website, and click on Root Certificate over on the right side of the page.  For Firefox, we want “Root Certificate (PEM Format)”.

Firefox's Download Certificate dialog.

I chose to trust everything, as you can see from the check boxes.  The result is that CACert certified sites will no longer cause Firefox to warn about them being untrusted.

“To date, CACert is not yet included in the main browsers like Firefox, but the organization is actively working to meet the criteria set by Mozilla.”
— Tanner Lovelace, from the aforementioned article.

I’m not sure if I should be annoyed with Mozilla for not including CACert by default, or CACert for not meeting whatever criteria it doesn’t.  Either way it’s only a minor inconvenience, although in the four years since the Linux Magazine article was published I am surprised that nothing’s changed.


One response to “Firefox – Untrusted Connection

  1. Tanner Lovelace 2011/01/17 at 4:41 pm

    I’m glad to see you got something useful out of my article. Since then, Mozilla has established a well defined criteria for what certificates it will include and a big chunk of that is a successful security audit. CACert had started their audit, but unfortunately, it was suspended in December 2006 because of management structure issues[1]. Sadly, they still haven’t yet been able to get ready for the audit, but apparently they do have at least some sort of plan for it[2]. I fear, however, that they’ve squandered a good opportunity.

    [1] https://bugzilla.mozilla.org/show_bug.cgi?id=215243#c158
    [2] http://blog.cacert.org/2010/10/489.html

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: