[ntp:questions] lists.ntp.org uses an invalid security certificate....

David Lord snews at lordynet.org
Sun Sep 6 17:36:41 UTC 2009


Richard B. Gilbert wrote:
> David J Taylor wrote:
>>
>> "Dave Hart" <davehart at gmail.com> wrote in message 
>> news:594a23a4-75f3-4081-9346-9c0955a69ef9 at x5g2000prf.googlegroups.com...
>>> On Sep 6, 6:49 am, "David J Taylor"  wrote:
>>>> "Dave Hart" <> wrote in message
>>>>
>>>> >http://lists.ntp.org/pipermail/questions/2009-September/024201.html
>>>>
>>>> > Cheers,
>>>> > Dave Hart
>>>>
>>>> Thanks for the pointer, Dave.
>>>>
>>>> When visiting that site in Firefox, but not in Internet Explorer, I get
>>>> the warning:
>>>>
>>>>   lists.ntp.org:443 uses an invalid security certificate.
>>>>
>>>> "The certificate is not trusted because the issuer certificate is
>>>> unknown."
>>>>
>>>> Perhaps my Firefox needs something?
>>>
>>> Neither of the URLs given above are using https, they are both
>>> http://..., so one answer would be to tell you you're confused ;)
>>> However
>>> lists.ntp.org mailing list archives are also available over https, and
>>> Firefox is telling you it doesn't trust the certificate, which is
>>> true.  All ntp.org https sites use certificates from cacert.org, which
>>> is not trusted by any browser with enough market share to mention out
>>> of the box.  You must have previously installed the cacert.org root
>>> certificate, or the https://lists.ntp.org certificate into IE to avoid
>>> the warning.
>>>
>>> This is a bit of a sore point with me, and I've gone so far as to find
>>> affordable trusted certificates and offer to pay for them, but the
>>> idea was vetoed.  Apparently, supporting cacert.org's windmill-tilting
>>> is more important than not scaring away innocent users who try to
>>> visit http://bugs.ntp.org and find every link redirects them to
>>> https://support.ntp.org/... which throws up a certificate warning to
>>> those of us who have not installed cacert.org's root certificate.
>>>
>>> Cheers,
>>> Dave Hart
>>
>> Thanks, Dave.  Yes, I noted that the port 443 was /not/ the one 
>> associated with the http:// URL, but I did cut and paste the URL from 
>> your message, and there was no "https" in it.  I simply reported what 
>> I saw.  I just tried it again and did /not/ get the warning, however 
>> on closing and re-opening Firefox, the warning has appeared with the 
>> same, non-https, URL.  I suspect that it comes from Firefox looking 
>> ahead to the other links on that page, some of which are https.
>>
>> Yes, in the past this issue has arisen, and I may have clicked "OK" if 
>> Internet Explorer gave such an option for that URL.
>>
>> It makes it difficult to take a discussion about "security" issues 
>> seriously when ntp.org can't even get an "accepted" certificate.
>>
>> Cheers,
>> David
> 
> Bottom line is: those certificates cost money!  I don't know how much...
> I never needed one.

Yep, but when your mate rings up and says someone's forged
my site because that's what the error message infers it's not good.
I'd already pgp emailed him my self signed certificate and asked
he added that as trusted, unfortunately he trusts other third
parties as to my identity more than he trusts me (over 50 yrs)
and he has his site on my server :-(

David
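
Added example, not part of the original message or of any ntp.org tooling: the thread's "issuer certificate is unknown" warning reproduced offline with `openssl`, checking one leaf certificate first against a trust store that lacks the issuing root and then against one where the user has installed it. All names (`Example Community Root`, `lists.example.test`, the helper functions) are constructed placeholders.

```shell
#!/bin/sh
# Constructed demo PKI; every name below is a placeholder, not an ntp.org value.
# "Example Community Root" stands in for a CA the client does not ship with.

new_root() {  # new_root <dir> <basename> <CN>: self-signed root certificate
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

make_demo_pki() {  # make_demo_pki <dir>
    new_root "$1" root  "Example Community Root" &&
    new_root "$1" other "Unrelated Bundled Root" &&
    # Server key and signing request, then a leaf issued by the community root.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=lists.example.test" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/root.pem" -CAkey "$1/root.key" \
        -CAcreateserial -days 30 -out "$1/leaf.pem" 2>/dev/null
}

verify_with() {  # verify_with <trusted-roots.pem> <cert.pem>
    # Judge by the output, not the exit status, and never abort under set -e.
    out=$(openssl verify -CAfile "$1" "$2" 2>&1) || true
    case "$out" in
        *": OK"*) echo trusted ;;
        *)        echo untrusted ;;
    esac
}

demo_dir=$(mktemp -d) || exit 1
make_demo_pki "$demo_dir" || exit 1
echo "issuing root absent from trust store: $(verify_with "$demo_dir/other.pem" "$demo_dir/leaf.pem")"
echo "issuing root installed by the user: $(verify_with "$demo_dir/root.pem" "$demo_dir/leaf.pem")"
rm -rf "$demo_dir"
```

The leaf certificate is byte-for-byte the same in both checks; only the set of roots the client trusts changes, which is why the same site can warn in one browser and not in another.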
