On Nov 30, 2015 at 21:48, Matthias Apitz wrote:
El día Monday, November 30, 2015 a las 02:29:30PM -0600, Derek Martin escribió:
On Mon, Nov 30, 2015 at 08:03:04PM +0100, Matthias Apitz wrote:
No it does not: http://rmz.io/ff.png
Can you put it soemwhere where only HTTP is onvolved. SSL claims the
page as insecure.
No.
It only claims that the certificate the server is using is
self-signed, meaning that it can't be validated as belonging to
anyone in particular by the big certificate trusts. If you're
willing to look at it without SSL entirely, then who cares if the
cert doesn't validate? This is just not interesting.
Maybe for you (Derek Martin) it is not, but for me. It is already an
issue if a posted URL of http://... is redirected to some SSL URL of
untrusted certifications.
I totally agree with Derek, that is why I redirect all my http requests
to https. I'd choose encrypted with a so-called "untrusted" self-signed
certificate over unencrypted anytime.
