What's the point of the Ubuntu Wiki's certificate?



jnoreiko
September 27th, 2005, 10:16 AM
Every time I go to the Ubuntu wiki I get a message from firefox about 'unable to verify the site certificate' or something. There's also something about it being expired.

If it's expired, can someone update it?
I've never really understood what these things are meant to be.
What's the point of it other than annoying people? Can we just have it removed?

Kvark
September 27th, 2005, 10:44 AM
All websites, such as the Ubuntu wiki in this case, that use an encrypted connection are expected to have a certificate from VeriSign or a similar company. The certificate is just an assurance from VeriSign or whoever issued it that the Ubuntu wiki really is the Ubuntu wiki.

The only ways for the wiki to get rid of that warning are to either stop using encryption or pay a certificate issuer to ensure that the wiki really is the wiki.

Arktis
September 27th, 2005, 10:45 AM
I have always found this a little annoying as well, and it seems to be pretty unprofessional considering that it's been this way for a very long time now.

xmastree
September 27th, 2005, 10:53 AM
All you need to do is select the 'accept permanently' option, and it shouldn't bother you again.

jdong
September 27th, 2005, 01:19 PM
It's a minor annoyance; but shouldn't Mr. Shuttleworth get special perks from his dealings with his previously-owned CA? ;)

NeoSNightmarE
September 27th, 2005, 01:45 PM
I just accepted permanently. Hasn't bothered me since :)

stimpack
September 27th, 2005, 01:53 PM
These certificates... are very annoying, not just this site but all these sites you have to accept for... are these proofs of security really worth it? I mean if I type ubuntulinux.org I'm pretty sure it's really ubuntulinux.org because hmm I typed it. Maybe it's going over my head, wouldn't be the first time.

DJ_Max
September 27th, 2005, 01:58 PM
These certificates... are very annoying, not just this site but all these sites you have to accept for... are these proofs of security really worth it? I mean if I type ubuntulinux.org I'm pretty sure it's really ubuntulinux.org because hmm I typed it. Maybe it's going over my head, wouldn't be the first time.
You don't understand what a SSL cert is then.

http://en.wikipedia.org/wiki/Secure_Sockets_Layer

Also, if you used Windows, you should know what "browser hijacking" is.

The wiki is using an unsigned SSL cert. It's still secure, just not recognized by any browser, since it hasn't been signed by any major company like VeriSign or Thawte.

NeoSNightmarE
September 27th, 2005, 02:04 PM
Interesting read. I didn't know that SSL was able to handle that many encryption methods such as Triple DES and RC4. Most of the ones that I see have AES. Thanks for the link.

David Marrs
September 27th, 2005, 02:06 PM
You only have to accept the certificate yourself if its authenticity can't be established. If the certificate was valid, the browser would trust the site automatically, but because the certificate is *not* valid, the browser asks you first if you want to trust the site yourself, because the certificate authority won't.

In the case of Ubuntulinux.com, I know their site and therefore trust it anyway, but if I were about to make a purchase from an on-line shop I hadn't used before, I'd want to be sure that it was trusted by a 3rd party. If it wasn't then I wouldn't buy from that shop.

Ubuntulinux.com simply need to renew (or remove) their certificate.

DJ_Max
September 27th, 2005, 02:07 PM
Interesting read. I didn't know that SSL was able to handle that many encryption methods such as Triple DES and RC4. Most of the ones that I see have AES. Thanks for the link.
No problem.


It's a minor annoyance; but shouldn't Mr. Shuttleworth get special perks from his dealings with his previously-owned CA?
You would hope so, but once you sell a company, you usually have no relation to it anymore.

Kvark
September 27th, 2005, 02:56 PM
You don't understand what a SSL cert is then.

http://en.wikipedia.org/wiki/Secure_Sockets_Layer

Also, if you used Windows, you should know what "browser hijacking" is.

The wiki is using an unsigned SSL cert. It's still secure, just not recognized by any browser, since it hasn't been signed by any major company like VeriSign or Thawte.
That wiki page does not give any reason at all for why websites are expected to have a certificate from a 3rd party instead of one the website itself issued if it uses encryption. Which is what this particular warning is about. This wiki page gives the reasons for this warning:

http://en.wikipedia.org/wiki/Public_key_certificate


You only have to accept the certificate yourself if its authenticity can't be established. If the certificate was valid, the browser would trust the site automatically, but because the certificate is *not* valid, the browser asks you first if you want to trust the site yourself, because the certificate authority won't.

In the case of Ubuntulinux.com, I know their site and therefore trust it anyway, but if I were about to make a purchase from an on-line shop I hadn't used before, I'd want to be sure that it was trusted by a 3rd party. If it wasn't then I wouldn't buy from that shop.

Ubuntulinux.com simply need to renew (or remove) their certificate.
That is like trusting everyone who has a driver's licence. The driver's licence just tells you that the person really is who he claims to be. It does not tell you if the person is trustable or not. These certificates work in the same way.

DJ_Max
September 27th, 2005, 03:02 PM
That wiki page does not give any reason at all for why websites are expected to have a certificate from a 3rd party instead of one the website itself issued if it uses encryption. Which is what this particular warning is about. This wiki page gives the reasons for this warning:

http://en.wikipedia.org/wiki/Public_key_certificate

Umm, yeah, I know, I wasn't trying to show why websites are expected to have signed certs. I was trying to explain to stimpack what an SSL was.

az
September 27th, 2005, 06:22 PM
It's a minor annoyance; but shouldn't Mr. Shuttleworth get special perks from his dealings with his previously-owned CA? ;)

I think it has something to do with contractual agreements that have to do with him selling off his business. Kinda like if I build up a lemonade business and sell it to you, you ask me not to start up another lemonade business the next day and steal away all your (my former) customers from you.

blastus
September 27th, 2005, 06:37 PM
There's no such thing as an unsigned certificate. All certificates have to be signed one way or another. The Wiki certificate is what is known as a self-signed certificate. I've used self-signed certificates before (for Java Web Start) and they are handy when you need a certificate but you do not or cannot pay the thousands of dollars it costs for a CA to sign one.
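
The self-signed case described in the post above, as an added example that is not part of the original thread: it creates a throwaway self-signed certificate, shows that its issuer is its own subject, that a default trust store rejects it (the situation behind the browser warning), and that it verifies once that one certificate is trusted directly. It assumes the `openssl` command-line tool is installed; the file names and the name `wiki.example.test` are constructed for the illustration.

```shell
#!/bin/sh
# Added illustration; wiki.example.test and all file names are constructed.
# Requires the openssl command-line tool. Runs entirely offline.

# Create a throwaway self-signed certificate and print its path.
make_self_signed() {
    dir=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" \
        -days 1 -subj "/CN=wiki.example.test" >/dev/null 2>&1 || return 1
    printf '%s\n' "$dir/cert.pem"
}

# Self-signed certificates name themselves as issuer: the hash of the
# subject name equals the hash of the issuer name.
is_self_issued() {
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# Succeeds only if certificate $1 verifies. Optional $2 is a PEM file of
# additional trusted roots; without it only the system default store is used.
verifies() {
    if [ -n "$2" ]; then
        openssl verify -CAfile "$2" "$1" 2>&1 | grep -q ': OK$'
    else
        openssl verify "$1" 2>&1 | grep -q ': OK$'
    fi
}

# Succeeds while the certificate's notAfter date has not yet passed.
not_expired() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null
}

cert=$(make_self_signed) || { echo "openssl is not available" >&2; exit 1; }
is_self_issued "$cert" && echo "issuer == subject: self-signed"
verifies "$cert"         || echo "default trust store: rejected"
verifies "$cert" "$cert" && echo "trusted directly: accepted"
not_expired "$cert"      && echo "validity period: current"
```

The encryption is identical in the rejected and accepted cases; only the answer to "who vouches for this key" changes, which is the part a CA signature supplies.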

wmcbrine
September 28th, 2005, 12:42 AM
Why use encryption on that site, anyway? AFAICT there's nothing secret/private there.

jdong
September 28th, 2005, 01:30 AM
Why use encryption on that site, anyway? AFAICT there's nothing secret/private there.

The password for the Wiki is the same as the launchpad/bugzilla password, both being very sensitive for certain people (i.e. team leaders; developers)