[Bug 224307] [NEW] Firefox does not load encrypted page if the certificate is not trusted

[Martin Gräßlin]

Public bug reported:

Binary package hint: firefox-3.0

Firefox has a very strange behaviour if you visit a https site which
uses self-signed or untrusted certificates.

Here the error:
"Secure Connection Failed
mail.martin-graesslin.com uses an invalid security certificate.
The certificate is not trusted because the issuer certificate is not trusted.
The certificate is not valid for any server names.
(Error code: sec_error_untrusted_issuer)
    * This could be a problem with the server's configuration, or it could be someone trying to impersonate the server.
    * If you have connected to this server successfully in the past, the error may be temporary, and you can try again later."

IMHO this behaviour is wrong. Firefox should load the page nevertheless.
Authentification is not the most important feature of TLS, but
encryption.

Many university pages are encrypted with not "trusted" certificates. And
this is quite OK. Why should a university spend money for a "real"
certificate. Personally I trust my university more than for example
Verisign.

For a user who does not know about how TLS encryption works the page is
completely wrong. He will not know and understand that the webpage uses
an "untrusted" certificate, but will think that there is some real
problem.

Please change the behaviour. I do not have any problem with a warning as
it used to be in Firefox 2, but not loading at all is just - well let's
say stupid.

** Affects: firefox-3.0 (Ubuntu)
     Importance: Undecided
         Status: New

-- 
Firefox does not load encrypted page if the certificate is not trusted
https://bugs.launchpad.net/bugs/224307
You received this bug notification because you are a member of Mozilla
Bugs, which is subscribed to firefox-3.0 in ubuntu.