browser certificate warning https - advice?

Posted on 2012-09-19
Medium Priority
Last Modified: 2012-09-20
I have a couple of related questions -

The situation: I have a link on my webserver accessible only through https;
however, on trying to connect I get the error (attached).

* Is it correct that this is something I can ignore (users can always just add an exception on the browser and enter the page as normal)?

* Are there situations where somebody cannot add an exception (e.g. this feature can be blocked by admin or organisation etc.)?

* Is the only way to avoid this error to get and install on the server a certificate from a trusted authority that is already distributed with the browser (or allow access with http)?

* Does connecting to my server through https like this improve security even though the server cannot be verified? (My understanding is https does 2 things: (a) stop eavesdropping on data exchange, (b) verify you are talking to a legitimate server.)

I know it looks like a lot of text, but it's quick and easy questions for somebody who knows this, I'm sure.

Question by:weaverk
LVL 84

Accepted Solution

Dave Baldwin earned 1200 total points
ID: 38416116
If it is a public site, most users will Not add an exception and will leave your site.  In organizations where security is a concern, it could possibly be cause for termination to allow exceptions.  If you are in business, you should buy an acceptable certificate that can be verified.  A self-signed certificate will encrypt if it is accepted but it will not be accepted as identifying a legitimate server.  At the highest levels of certificates, you actually have to 'prove' that you are who you say you are.  That's not so true at the lower levels.
LVL 33

Assisted Solution

by:Dave Howe
Dave Howe earned 800 total points
ID: 38416861
As DaveBaldwin says, if you see such an error on a site you will be using for financial transactions or any other "security sensitive" data, you should leave immediately.  By implication therefore, most of the more security-savvy people who see it will not then go on to complete whatever transaction you directed them to the site for!

If, however, the error is for your own users, it indicates you should push out your CA cert to them using Group Policy in order for them to trust it. There is no need to waste the money on a commercial cert if you control the end-nodes accessing it :)
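The trust behaviour both answers describe, as an added example that is not part of the original thread: a self-signed certificate and a certificate issued by a private CA are checked against a client trust store before and after the CA certificate is added to it, which is the effect of pushing the CA cert out by Group Policy. It assumes the `openssl` command-line tool is installed; the CA names, file names and the host `intranet.example.test` are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo; every name and host here is made up for illustration.
set -eu
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT

make_root() {     # $1 = file prefix, $2 = common name; self-signed cert + key
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

issue_from_ca() { # $1 = CA prefix, $2 = leaf prefix, $3 = server name
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$2.key" -out "$2.csr" 2>/dev/null
  openssl x509 -req -in "$2.csr" -CA "$1.crt" -CAkey "$1.key" \
    -CAcreateserial -days 30 -out "$2.crt" 2>/dev/null
}

client_trusts() { # $1 = client trust store (PEM bundle), $2 = server cert
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

report() {        # print how a client with trust store $1 treats cert $2
  if client_trusts "$1" "$2"; then echo "trusted:  $2"
  else echo "WARNING:  $2 (browser would show the certificate error)"; fi
}

# A stand-in for the public roots shipped with the browser.
make_root "$WORK/public-root" "Constructed Public Root"
cp "$WORK/public-root.crt" "$WORK/client-store.pem"

# The questioner's situation: the server presents a self-signed certificate.
make_root "$WORK/selfsigned" "intranet.example.test"

# The internal-CA route: run a private CA and issue the server cert from it.
make_root "$WORK/internal-ca" "Constructed Internal CA"
issue_from_ca "$WORK/internal-ca" "$WORK/server" "intranet.example.test"

echo "Before the CA cert is distributed:"
report "$WORK/client-store.pem" "$WORK/selfsigned.crt"
report "$WORK/client-store.pem" "$WORK/server.crt"

# What the Group Policy push achieves: the internal CA becomes a trust anchor.
cp "$WORK/client-store.pem" "$WORK/managed-store.pem"
cat "$WORK/internal-ca.crt" >> "$WORK/managed-store.pem"

echo "After the CA cert is distributed:"
report "$WORK/managed-store.pem" "$WORK/selfsigned.crt"   # still untrusted
report "$WORK/managed-store.pem" "$WORK/server.crt"       # now trusted
```

Only the CA-issued certificate becomes trusted once the CA is in the store; the self-signed one keeps producing the warning on every client that has not been given that exact certificate.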

Author Closing Comment

ID: 38417066
Between these two answers I know everything I needed to,
many thanks to you both!
