[ntp:questions] lists.ntp.org uses an invalid security certificate....
Richard B. Gilbert
rgilbert88 at comcast.net
Sun Sep 6 11:49:50 UTC 2009
David J Taylor wrote:
> "Dave Hart" <davehart at gmail.com> wrote in message
> news:594a23a4-75f3-4081-9346-9c0955a69ef9 at x5g2000prf.googlegroups.com...
>> On Sep 6, 6:49 am, "David J Taylor" wrote:
>>> "Dave Hart" <> wrote in message
>>> > Cheers,
>>> > Dave Hart
>>> Thanks for the pointer, Dave.
>>> When visiting that site in Firefox, but not in Internet Explorer, I get
>>> the warning:
>>> lists.ntp.org:443 uses an invalid security certificate.
>>> "The certificate is not trusted because the issuer certificate is
>>> Perhaps my Firefox needs something?
>> Neither of the URLs given above are using https, they are both
>> so one answer would be to tell you you're confused ;) However
>> lists.ntp.org mailing list archives are also available over https, and
>> Firefox is telling you it doesn't trust the certificate, which is
>> true. All ntp.org https sites use certificates from cacert.org, which
>> is not trusted by any browser with enough market share to mention out
>> of the box. You must have previously installed the cacert.org root
>> certificate, or the https://lists.ntp.org certificate into IE to avoid
>> the warning.
>> This is a bit of a sore point with me, and I've gone so far as to find
>> affordable trusted certificates and offer to pay for them, but the
>> idea was vetoed. Apparently, supporting cacert.org's windmill-tilting
>> is more important than not scaring away innocent users who try to
>> visit http://bugs.ntp.org and find every link redirects them to
>> https://support.ntp.org/... which throws up a certificate warning to
>> those of us who have not installed cacert.org's root certificate.
>> Dave Hart
> Thanks, Dave. Yes, I noted that the port 443 was /not/ the one
> associated with the http:// URL, but I did cut and paste the URL from
> your message, and there was no "https" in it. I simply reported what i
> saw. I just tried it again and did /not/ get the warning, however on
> closing and re-opening Firefox, the warning has appeared with the same,
> non-https, URL. I suspect that it comes from Firefox looking ahead to
> the other links on that page, some of which are https.
> Yes, in the past this issue has arisen, and I may have clicked "OK" if
> Internet Explorer gave such an option for that URL.
> It makes it difficult to take an discussion about "security" issues
> seriously when ntp.org can't even get a "accepted" certificate.
Bottom line is: those certificates cost money! I don't know how much. .
. I never needed one.
More information about the questions