…someday…

To “cut costs,” they even went so far as to take away our MS Office Suite and give us LibraSuite.

As always, hoping for better days.
Cheers.

An important thing to remember is that these digital certificates serve two purposes: encryption, and identification. Any digital certificate, no matter who created it, will work for encryption. Your connection to a web site after seeing all those warnings is still encrypted (albeit using weaker cyphers). It’s the other function, identification, that’s causing the warnings. The owner of a self-signed cert, one not issued by a formal authority, can’t be determined, and the browser is warning you of the danger that you’re connected to a fake phishing web site.

When things work correctly, the certificate information would say that the cert was issued to “Robert Shepherd”, and you could trust that, because the Certificate Authority verified my identity. I can issue what are called “class 2″ certs because I’m verified; class 1 certs only verify that the name on a domain registration matches the name of whoever’s generated the cert, and that’s pretty easily faked. Class 2 verifies both the domain ownership and the identity of the purported owner.

And, in the grand scheme of things, little of this really matters. It’s kind of a joke, really, that most parts of the Zone that are wide open to be read by anybody, without registration, are nevertheless encrypted. I’m making a statement about privacy, and I wish it weren’t inconveniencing you, but I think on balance it’s worth it.

Thanks for going along with it.

A small dialogue box with two options:

1. “About Certificate Errors”
2. “View certificates”

In “View certificates” I get a dialogue box with 3 tabs — “General,” “Details” and “Certification Path”. Under the “General” tab is found “Certificate Information.”

Certificate Information displays:

Issued to: domU-12-31-39-07-85-C7
Issued by: domU-12-31-39-07-85-C7
Valid from: 4/24/2014 to 4/24/2015

This tab includes 2 options:

1. “Install Certificate”
2. “Issue Statement”

“Issue Statement” is disabled, so I “Installed”.
A few clicks, and I return to the tabbed dialogue box.

There appears to be no change. I closed the browser and reopened, again with no change. I warm-booted the PC, again with no change. I did a cold-restart, pretty sure it would change nothing. It changed nothing.

——

Anyway…

The second tab is “Details,” with a selection field displaying the following:

Version: V3
Serial number: 60 2b
Signature algorithm: sha256RSA
Issuer: root@domU-12-31-39-07-85…
Valid from: Thursday, April 24, 2014 8:34…
Valid to: Friday, April 24, 2015 8:34:37…
Subject: root@domU-12-31-39-07-85…
Public key: RSA (2048 bits)
Basic Constraints: Subject Type=CA, Path Lengt…
Subject Alternative Name: DNS Name=localhost, DNS Na…
Key Usage: Digital Signature, Non-Repudia…
Thumbprint algorithm: sha1
Thumbprint: 42 8b f6 1c c8 3b 91 ae ff 8a c…

“…” indicates a continuation with off-field/undisplayed data.

——

The “Certification Path” tab has 2 fields.

Field #1 displays “Certification path”:
domU-12-31-39-07-85-C7
Field #2 displays “Certificate status”:
This certificate is OK.

The alarm remains.

Cheers to all here.

I’m very curious: What happens when you connect to encrypted Google? (https://www.google.com). What I did is modeled after recommendations from Google and the Mozilla Foundation, and Google gets exactly the same test results the Zone gets (https://www.ssllabs.com/ssltest/analyze.html?d=google.com&s=74.125.239.113). Including not supporting IE8. Do you get the same error message at Google?

None of which will help you, I guess. I looked at Google hoping that they’d found a way to support IE8, and that I could copy it, but no such luck. Google gave up on IE8 too.

Sorry man. I suppose we’re straining at gnats, since you can power through the scary warning to view the Zone anyway. Mostly it’s my technical pride at stake: I don’t want my Web site generating scary warning messages.

Thanks for checking and reporting, Dan.

Cheers, Jody.

Well, thx anyway.