Error message... Is this Important?

[LinuxMint-4]

( I got this after I posted a reply on another message here).

This Connection is Untrusted

You have asked Firefox to connect
securely to www.thelinuxlink.net, but we can't confirm that your connection is secure.

Normally, when you try to connect securely,
sites will present trusted identification to prove that you are
going to the right place. However, this site's identity can't be verified.


What Should I Do?





If you usually connect to
this site without problems, this error could mean that someone is
trying to impersonate the site, and you shouldn't continue.

Technical Details



www.thelinuxlink.net uses an invalid security certificate.

The certificate is not trusted because it is self-signed.
The certificate is only valid for thelinuxlink.net

(Error code: sec_error_untrusted_issuer)

I Understand the Risks

[Claudio]

Dann is using a self-signed certificate. Been like that for a while now.

[zbreaker]

Dann is using a self-signed certificate. Been like that for a while now.

A real Linux Outlaw

[Patrick]

Dann is using a self-signed certificate. Been like that for a while now.

A real Linux Outlaw

Actually getting a certificate from Verisign is pretty damn expensive:
$400 per year or $1000 for 3 years

https://www.verisign.com/ssl/buy-ssl-ce ... index.html

[eddie]

That sounds like a good easy way to fund tllts.

[Gomer_X]

There's really no reason to have a paid cert. It's not like we're giving the show money through PHPBB, or submitting sensitive information.

If you believe Dann is who he says he is, you should trust his certificate. It's as simple as that. Firefox just sees that the certificate doesn't come from a trusted authority and gives an error.

[eddie]

No, that is not what I meant at all. Tllts should become like a "Verisign" for other sites.

[dann]

next we'll be funding a cert for http://lemontunamouth.inf

[Patrick]

No, that is not what I meant at all. Tllts should become like a "Verisign" for other sites.

Thawt, the company that Mark Shuttleworth founded and made him millions did exactly that. Ironically Shuttleworth's company was bought out by Verisign. He used that money to become the first space tourist from Africa and founded the Ubuntu project along with Canonical.

[Tyler]

The company I work for uses DigiCert, they are cheaper than Verisign and if you are just securing one domain name its only 115 a year you can get it from 1-3 years at a time. Still cheaper than Verisign.
http://www.digicert.com/welcome/ssl-plus.htm

Check out the video, at least they hav a sense of humor.

[Gomer_X]

No, that is not what I meant at all. Tllts should become like a "Verisign" for other sites.

It wouldn't do any good. The browser still would give an error as it only trusts certs from certain sites.

Getting on that list of cert authorities isn't a simple task.

[eddie]

True, but every business has to start somewhere till it gets known.

[mikeh]

Going to resurrect this thread.

I installed the certificate so Chrome would stop complaining. But the problem is the certificate is for thelinuxlink.net and when I log in here I get redirected by the forum to www.thelinuxlink.net which throws up the warning again about the certificate. If I have logged in here and close the browser and come back to just thelinuxlink.net (secure server still in all cases above) I will be logged in automatically and get the nice green secure padlock. It is just when I log in on a new session and the board redirects me.

I think under the admin interface / server configuration / server settings, you can set to "no" the "force server URL settings". I had that set to yes on a phpbb forum I run and switching it to no didn't force the URL string to change.

The other thing might be to reissue your certificate but do it to *.thelinuxlink.net

That seems to be how google has its cert.

I may be doing something wrong on my end too, so apologies if I am missing something stupid.