Qustion

[Dale Farnsworth]

On Thu, Nov 27, 2008 at 01:01:19AM -0500, Grampa_Jeff at bellsouth.net wrote:
> Why do all the links say something about certificate error : navigation blocked?

Hi Jeff,

First, you say "all the links".  If it is truly all links, then
something is misconfigured on your end and you may disregard the rest
of this message.  However, if it is just a few links, then read on.

The answer to this question is surprisingly complex, and I won't be able
to go into all the details, but I'll give an overview.

I need a way to exchange information privately (without eavesdropping)
with users of the website--for example, when submitting passwords for
managing a subscription to the Farnsworth history mailing list.  The
https protocol is the best way to do this, so I use it for the secure
pages on www.farnsworth.org. Most pages on www.farnsworth.org, like most
of the internet, use the http protocol which provides no such eavesdropping
protection.

In addition, the https protocol provides for authenticating a web server
via encrypted "certificates".  A website owner can register that website
with a certificate authority, for a minimum of about US$75.00 per year,
and the certificate authority will provide a computer-readable
certificate that certifies (to some degree) that the website has been
registered.

The guarantees provided by such website registration are minimal and are
of little value for www.farnsworth.org, so I have opted not to register
the site.  (At $75/year, it's almost cheap enough for me to do it to
avoid the aggravation of questions like this, but that's $75/year per
website, and they begin to add up.)  Instead, I provide a self-signed
certificate.  In effect, I specify that my website is run by me.  This
still provides the full anti-eavesdropping protection.

This works fine with some web browsers.  Firefox, for example, allows
you to simply acknowledge that you understand the website has not been
registered, and to permanently accept the website's unregistered certificate.
Internet Explorer used to do the same.  However, in the last few years,
Microsoft decided to make this more difficult for users of Internet
Explorer and now provides no easy way to accept certificates for
unregistered web sites.  With Internet Explorer, you can only accept
these unregistered certificates temporarily, until the next time you
restart Internet Explorer.

I'm sorry for the inconvenience, but I'm too cheap to pay the $75/year
on Microsoft's whim.

I recommend using Firefox, instead of Internet Explorer, which will
solve the problem on your end.  Firefox is much better than Internet
Explorer for security reasons as well.  It can be legally downloaded
for free from <http://www.mozilla.com/en-US/firefox/>.

-Dale