SSL Thoughts...

[GRMrGecko]

I realized that you load a resource in your website that isn't secure, such as Google Ads, it will no longer display the lock at the top right of Safari. Why would this be true? Google ads is always insecure, there is no way to use https with it. I think that if the site is verified, it should display the lock and if it's self signed, it wouldn't. That'll allow people who don't have money to pay for a certificate to have security and not annoy the customer with the this is a self signed certificate thing. This will prevent things like firesheep and so on.

 

[designguy79]

When you are looking one web page, your computer is actually making lots of http or https connections to load the various files (images, javascript, etc).

In order for the "lock" icon to appear, all of the connections on that page must be via https.

The reason is pretty straight-forward -- just 1 unsecured connection negates the rest, and the browser shouldn't mislead people. You may have heard the analogy "a chain is only as strong as its weakest link" that is a pretty good way to think of it.

Self-signed certificates will also still display the lock if all connections are via https and the visitors accepts the self-signed cert.

HTH!

 

[dmmcintyre3]

Self-signed certificates will also still display the lock if all connections are via https and the visitors accepts the self-signed cert.

HTH!

But they will also display something that a real cert won't. The browser will say the cert cannot be trusted.

 

[designguy79]

But they will also display something that a real cert won't. The browser will say the cert cannot be trusted.

Right, which is why I said "accepts the self-signed cert."

I thought maybe the OP thought that it wouldn't display the lock for a self-signed cert... guess I could have been more clear in my reply.

 

[GRMrGecko]

Right, which is why I said "accepts the self-signed cert."

I thought maybe the OP thought that it wouldn't display the lock for a self-signed cert... guess I could have been more clear in my reply.

Yes, I know it will still display the lock, but it also displays that message before you can load it saying that it is a self signed which could be annoying to customers why I wouldn't do self signed for my site. If it just didn't put the lock at the top for self signed, I'll be happy to use self signed if it just makes the connection between my server and the user secure. I understand why it doesn't display the lock if there is one insecure resource, so I guess my question would be, why doesn't Google offer SSL ads? I mean it is really easy to do and I'm sure they have the money for certificates. The reason I started this is because I think it'll be really interesting if self signed certificates didn't annoy users because if it didn't, people who runs forums and such can provide a secure connection without paying for a certificate and so on making the internet more safe from packet sniffers. I am sorry if I'm just being a dumb guy for saying this, but I care about security and so far the only way to be secure is with ssl and if it cost money for a certificate that doesn't annoy the user than a lot of people (as I mentioned, people with forums) would use it on their sites.

 

[dmmcintyre3]

I got a free SSL cert for one of my domains that lasts for 2 years. RapidSSL was/still is running a promotion that let you exchange a competitor's SSL cert for one of theirs, and it took a comodo 90 day trial one to let me get the 2 years free. Getting the dedicated IP free was the hardest part.

 

[GRMrGecko]

I got a free SSL cert for one of my domains that lasts for 2 years. RapidSSL was/still is running a promotion that let you exchange a competitor's SSL cert for one of theirs, and it took a comodo 90 day trial one to let me get the 2 years free. Getting the dedicated IP free was the hardest part.

There is also http://cert.startcom.org/, but... Still, not being able to do virtual hosts is a hassle for people who only have 1 IP and multiple domains or a host that has 1 IP and multiple domains being hosted on it.