I just saw it is possible to access dc.com via https
. While I think this is absolutely terrific, my favorite webbrowser
does not like the fact that some content is not transmitted via https. So far I have added an exception for dc.com so firefox will accept the certificate. Also the certificate does not seem to be signed by a Certificate Authority (CA) such as CAcert.org
The red font indicates something: Secured Access to Forum
Also, the lock symbol is "broken": Secured Access to Forum
And when I look at the details, I see why the address is red and the lock is broken: Secured Access to Forum
CAcert is a CA whose certificates are free, which is why its competitor fight hard so software vendors won't include their Root Certificates
There are instructions how to get a certificate signed by CAcert
. Then users only need to import (and trust) the Root Certificate from CAcert
: PEM format seems to be right for most browsers except Internet Explorer.
If dc.com could get a server certificate from, say, verisign, users would not have to do anything; however, these certificates usually cost money. I know all this is a hassle, but in this day and age security, protection, or trust don't come easy...