browser certificate warning https - advice?

Posted on 2012-09-19
Last Modified: 2012-09-20
I have a couple of related questions -

The situation: I have a link on my webserver accessible only through https.
However, on trying to connect I get the error (attached).

* Is it correct that this is something I can ignore (users can always just add an exception in the browser and enter the page as normal)?

* Are there situations where somebody cannot add an exception (e.g. this feature can be blocked by an admin or organisation etc.)?

* Is the only way to avoid this error to get and install on the server a certificate from a trusted authority that is already distributed with the browser (or allow access with http)?

* Does connecting to my server through https like this improve security even though the server cannot be verified? (My understanding is https does 2 things: (a) stop eavesdropping on data exchange, (b) verify you are talking to a legitimate server.)

I know it looks like a lot of text, but it's quick and easy questions for somebody who knows this, I'm sure.

Question by:weaverk

    Accepted Solution

    If it is a public site, most users will not add an exception and will leave your site. In organizations where security is a concern, it could possibly be cause for termination to allow exceptions. If you are in business, you should buy an acceptable certificate that can be verified. A self-signed certificate will encrypt if it is accepted, but it will not be accepted as identifying a legitimate server. At the highest levels of certificates, you actually have to 'prove' that you are who you say you are. That's not so true at the lower levels.

    Assisted Solution

    by:Dave Howe
    As DaveBaldwin says, if you see such an error on a site you will be using for financial transactions or any other "security sensitive" data, you should leave immediately. By implication therefore, most of the more security-savvy people who see it will not then go on to complete whatever transaction you directed them to the site for!

    If however the error is for your own users, it indicates you should push out your CA cert to them using Group Policy in order for them to trust it. There is no need to waste the money on a commercial cert if you control the end-nodes accessing it :)
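
Both answers above come down to what is in the client's trust store. As an added example (not part of the original thread), this script uses the `openssl` CLI to issue a server certificate from a private CA and check it against two trust stores, one containing that CA and one that does not; the CA names, host name and file names are constructed.

```shell
#!/bin/sh
# Added example: CA subjects, host name and file names are constructed.
set -e

# Create a private CA, a server certificate issued by it, and an unrelated
# CA that stands in for "whatever the client already trusts".
build_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example Internal CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Unrelated Public CA" \
        -keyout "$d/other.key" -out "$d/other.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=intranet.example.test" \
        -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null
    openssl x509 -req -in "$d/srv.csr" -days 30 \
        -CA "$d/ca.crt" -CAkey "$d/ca.key" -CAcreateserial \
        -out "$d/srv.crt" 2>/dev/null
}

# client_trusts TRUST_STORE CERT
# Succeeds only if CERT chains to a CA present in TRUST_STORE.
client_trusts() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Report what a client holding the given trust store would show the user.
report() {
    if client_trusts "$1" "$2"; then
        echo "$3: certificate trusted, no warning"
    else
        echo "$3: unknown issuer, browser shows a warning"
    fi
}

demo() {
    d=$(mktemp -d)
    build_pki "$d"
    # Same server certificate, same encryption; only the trust store differs.
    report "$d/other.crt" "$d/srv.crt" "client without the internal CA"
    report "$d/ca.crt"    "$d/srv.crt" "client with the internal CA installed"
    rm -rf "$d"
}
demo
```

Installing `ca.crt` into the clients' trust store is what the Group Policy rollout achieves; a self-signed server certificate fails the first check for the same reason, because its issuer is not in the store.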

    Author Closing Comment

    Between these two answers I know everything I needed to,
    many thanks to you both!
