[ntp:questions] lists.ntp.org uses an invalid security certificate....

David J Taylor david-taylor at blueyonder.not-this-part.nor-this.co.uk.invalid
Sun Sep 6 07:38:24 UTC 2009


"Dave Hart" <davehart at gmail.com> wrote in message 
news:594a23a4-75f3-4081-9346-9c0955a69ef9 at x5g2000prf.googlegroups.com...
> On Sep 6, 6:49 am, "David J Taylor"  wrote:
>> "Dave Hart" <> wrote in message
>>
>> >http://lists.ntp.org/pipermail/questions/2009-September/024201.html
>>
>> > Cheers,
>> > Dave Hart
>>
>> Thanks for the pointer, Dave.
>>
>> When visiting that site in Firefox, but not in Internet Explorer, I get
>> the warning:
>>
>>   lists.ntp.org:443 uses an invalid security certificate.
>>
>> "The certificate is not trusted because the issuer certificate is
>> unknown."
>>
>> Perhaps my Firefox needs something?
>
> Neither of the URLs given above are using https, they are both 
> http://...,
> so one answer would be to tell you you're confused ;)  However
> lists.ntp.org mailing list archives are also available over https, and
> Firefox is telling you it doesn't trust the certificate, which is
> true.  All ntp.org https sites use certificates from cacert.org, which
> is not trusted by any browser with enough market share to mention out
> of the box.  You must have previously installed the cacert.org root
> certificate, or the https://lists.ntp.org certificate into IE to avoid
> the warning.
>
> This is a bit of a sore point with me, and I've gone so far as to find
> affordable trusted certificates and offer to pay for them, but the
> idea was vetoed.  Apparently, supporting cacert.org's windmill-tilting
> is more important than not scaring away innocent users who try to
> visit http://bugs.ntp.org and find every link redirects them to
> https://support.ntp.org/... which throws up a certificate warning to
> those of us who have not installed cacert.org's root certificate.
>
> Cheers,
> Dave Hart

Thanks, Dave.  Yes, I noted that the port 443 was /not/ the one associated 
with the http:// URL, but I did cut and paste the URL from your message, 
and there was no "https" in it.  I simply reported what i saw.  I just 
tried it again and did /not/ get the warning, however on closing and 
re-opening Firefox, the warning has appeared with the same, non-https, 
URL.  I suspect that it comes from Firefox looking ahead to the other 
links on that page, some of which are https.

Yes, in the past this issue has arisen, and I may have clicked "OK" if 
Internet Explorer gave such an option for that URL.

It makes it difficult to take an discussion about "security" issues 
seriously when ntp.org can't even get a "accepted" certificate.

Cheers,
David 




More information about the questions mailing list