[Project_owners] auto certificate acceptance

Paul Roub paul at roub.net
Tue Mar 27 04:40:05 PST 2007


> So, when I visit a https web site with a certificate, it asks for "do 
> you want to accept certificate" or "do you want to accept certificate 
> permanently", something along those lines....
> Is there a way to hook up into a mozilla service so that instead of 
> popping that dialog, it automatically accepts the certificate?
> 
> Maybe I would have to implement some sort service provider that is 
> called to handle these dialogs, and I return back a value indicating 
> "accept this certificate".
> 

Forgive me if I'm stating the obvious, but...

*All* https web sites have certificates behind them.  It's what 
validates that the site you're viewing is the site it claims to be.  The 
pop-ups you see are for those times when the certificate:

	Is invalid
	Is signed by an unknown authority
	Has expired
	Is for a different site
	etc.

So either the site in question is mis-configured, or the certificate is 
bad.  In the case of, say, a banking site, that's very much worth knowing.

Your hypothetical extension is probably possible; it's also just the 
thing to make Phishing work so much better than it does now.

-paul


More information about the Project_owners mailing list