Firefox does not load encrypted page if the certificate is not trusted

Bug #224307 reported by Martin Gräßlin
Affects: firefox-3.0 (Ubuntu)
Status: Invalid
Importance: Undecided
Assigned to: Unassigned
Milestone:

Bug Description

Binary package hint: firefox-3.0

Firefox has a very strange behaviour if you visit a https site which uses self-signed or untrusted certificates.

Here is the error:
"Secure Connection Failed
mail.martin-graesslin.com uses an invalid security certificate.
The certificate is not trusted because the issuer certificate is not trusted.
The certificate is not valid for any server names.
(Error code: sec_error_untrusted_issuer)
    * This could be a problem with the server's configuration, or it could be someone trying to impersonate the server.
    * If you have connected to this server successfully in the past, the error may be temporary, and you can try again later."

IMHO this behaviour is wrong. Firefox should load the page nevertheless. Authentication is not the most important feature of TLS, but encryption.

Many university pages are encrypted with not "trusted" certificates. And this is quite OK. Why should a university spend money for a "real" certificate? Personally I trust my university more than for example Verisign.

For a user who does not know about how TLS encryption works the page is completely wrong. He will not know and understand that the webpage uses an "untrusted" certificate, but will think that there is some real problem.

Please change the behaviour. I do not have any problem with a warning as it used to be in Firefox 2, but not loading at all is just - well let's say stupid.

Marcus Asshauer (mcas) wrote :

Thank you for your suggestion. However, the changes you are requesting aren't really a bug and require more discussion, which should be done on an appropriate mailing list or forum. http://www.ubuntu.com/support/community/mailinglists might be a good start for determining which mailing list to use.

Changed in firefox-3.0:
status: New → Invalid
Martin Gräßlin (ubuntu-martin-graesslin) wrote :
Ken Sturmer (ksturmer) wrote :

I am having the same problem. The url of the page I am trying to load is: http://prague.tv/around-town/prague-directory/

I have been subscribed to this site for over three years! And now all of a sudden I am unable to find it! If this continues with this or any other site, I guess I will search for another browser. Evolution was fine, so why did they screw it up? ( update )
I am not a computer geek, so please do not waste my time with some geeky explanation. I can understand getting a warning about a page, and allowing the user to decide for themselves. Not blocking the site from viewing is not user friendly. In case you don't understand "user friendly" use your logic. This is a trusted site, I have been using for three years. Now I cannot view it.

Ken Sturmer (ksturmer) wrote :

Today I tried it again, this time the page loaded normally. I don't know why it would not yesterday. As I had stated, this is a newsletter I receive DAILY. Why I kept getting that error message was beyond me, and very annoying. I have had this happen before almost always on European sites.
