Mozilla "trusted websites" database. SSL Certs
I've noticed that you have to buy a SSL cert, not to use SSL but so that the browser knows its a safe connection, why is this system even needed ? its encryptet anyhow. My question/suggestion why cant firefox add an extra service where small webdevelopers like myself can enter information about the project like the Domain name and contact information etc. And then the community perhaps can go in and confirm that this website is legit and its safe to proced with the HTTPS request. It wont work cross browser i know, but i think it would be a great feature.
Yours Fredrik Royal institute of technology, Sweden
Chosen solution
Sorry, I misunderstood your question.
A certificate only works if there is a certificate chain that links it to a built-in root certificate, so it will only work if you get a certificate from one of those suppliers that have a root certificate in Firefox.
Read this answer in context 👍 1All Replies (6)
You can use something like PGP to validate data if that is what you want to achieve.
The purpose of the SSL certificate is more than providing an encryption key, it indicates that your communication is being decrypted with the certificate associated with a particular website, in other words, that it's not a man-in-the-middle or an impostor website.
I dont understand how im suppost to run my website of PGP, its seems to me its ok for string encryption, but for that we already have B-crypt with the rounds feature.
Yes i know that the SSL Certs are give out to protect the clients from man in the middle attacks etc. Look if you buy a cert, it stops the browser from going "hey this might not be safe" and you have to add an exception, why cant firefox have a pre-made "exception" list of trusted website eather in the software or seperate server somewhere, as a free feature for your users, that adds community validated websites. Anyone can apply website, and when it gets enough "up votes" it gets automaticly added. Anyone can buy a cert that dosen't mean there website is safe... if you think about it, my suggestion would be more avanible, cheaper and safer.
Chosen Solution
Sorry, I misunderstood your question.
A certificate only works if there is a certificate chain that links it to a built-in root certificate, so it will only work if you get a certificate from one of those suppliers that have a root certificate in Firefox.
I have a similar problem with Facebook. I cannot post http into tabs. They are requesting https and SSL certificates for each url. If we need to purchase SSL can we get them through Mozilla/Firefox
Hi janinmat, Mozilla doesn't sell security certificates. However, you can get them for $10/year if you shop around. I think I've used this aptly named company in the past to get discounts on the Comodo PositiveSSL cert: https://www.facebook.com/cheapssls
BEFORE BUYING: check with your hosting company to make sure you will be able to install one you buy yourself; some make it difficult or impossible to do that and require you to buy it through them at a higher price.