[ntp:questions] lists.ntp.org uses an invalid security certificate....

Richard B. Gilbert rgilbert88 at comcast.net
Sun Sep 6 11:49:50 UTC 2009


David J Taylor wrote:
> 
> "Dave Hart" <davehart at gmail.com> wrote in message 
> news:594a23a4-75f3-4081-9346-9c0955a69ef9 at x5g2000prf.googlegroups.com...
>> On Sep 6, 6:49 am, "David J Taylor"  wrote:
>>> "Dave Hart" <> wrote in message
>>>
>>> >http://lists.ntp.org/pipermail/questions/2009-September/024201.html
>>>
>>> > Cheers,
>>> > Dave Hart
>>>
>>> Thanks for the pointer, Dave.
>>>
>>> When visiting that site in Firefox, but not in Internet Explorer, I get
>>> the warning:
>>>
>>>   lists.ntp.org:443 uses an invalid security certificate.
>>>
>>> "The certificate is not trusted because the issuer certificate is
>>> unknown."
>>>
>>> Perhaps my Firefox needs something?
>>
>> Neither of the URLs given above are using https, they are both 
>> http://...,
>> so one answer would be to tell you you're confused ;)  However
>> lists.ntp.org mailing list archives are also available over https, and
>> Firefox is telling you it doesn't trust the certificate, which is
>> true.  All ntp.org https sites use certificates from cacert.org, which
>> is not trusted by any browser with enough market share to mention out
>> of the box.  You must have previously installed the cacert.org root
>> certificate, or the https://lists.ntp.org certificate into IE to avoid
>> the warning.
>>
>> This is a bit of a sore point with me, and I've gone so far as to find
>> affordable trusted certificates and offer to pay for them, but the
>> idea was vetoed.  Apparently, supporting cacert.org's windmill-tilting
>> is more important than not scaring away innocent users who try to
>> visit http://bugs.ntp.org and find every link redirects them to
>> https://support.ntp.org/... which throws up a certificate warning to
>> those of us who have not installed cacert.org's root certificate.
>>
>> Cheers,
>> Dave Hart
> 
> Thanks, Dave.  Yes, I noted that the port 443 was /not/ the one 
> associated with the http:// URL, but I did cut and paste the URL from 
> your message, and there was no "https" in it.  I simply reported what i 
> saw.  I just tried it again and did /not/ get the warning, however on 
> closing and re-opening Firefox, the warning has appeared with the same, 
> non-https, URL.  I suspect that it comes from Firefox looking ahead to 
> the other links on that page, some of which are https.
> 
> Yes, in the past this issue has arisen, and I may have clicked "OK" if 
> Internet Explorer gave such an option for that URL.
> 
> It makes it difficult to take an discussion about "security" issues 
> seriously when ntp.org can't even get a "accepted" certificate.
> 
> Cheers,
> David

Bottom line is: those certificates cost money!  I don't know how much. . 
.   I never needed one.




More information about the questions mailing list