Why do we get the "This Connection is Untrusted" error message even if redirected (301) to another domain with a trusted certificate?
I think there is no security issue for the user and, moreover, if you try in Firefox on Android OS to access https://untrusted-ssl-cert.com, which is redirected to https://trusted-ssl-cert.com, you will never get this killing message. It is expected behaviour and I wonder why desktop Firefox does not adopt it.
All Replies (2)
Drugan, please can you clarify what you are asking here?
Let's say we have two domains:
https://untrusted-ssl-cert.com
This domain has an untrusted certificate (self-signed, outdated, no certificate at all)
https://trusted-ssl-cert.com
This domain has a trusted certificate (a certificate signed by a trusted Certificate Authority)
Let's assume that https://untrusted-ssl-cert.com is set up on its hosting to be permanently (301) redirected to https://trusted-ssl-cert.com. Now, if we try to access https://untrusted-ssl-cert.com, we get the "This Connection is Untrusted" warning (during the redirection process). It just happens on the desktop version of Firefox, but not on mobile Firefox (Android).
Why?
There is no security issue for the user, because he/she will never get/see the https://untrusted-ssl-cert.com page even if adding an exception for this untrusted domain.
By the way, Safari works properly in this case on any version, giving no such user-killing warning and silently redirecting to the trusted domain. And once more, so does the mobile version of Firefox on Android.
For those interested in why one would use such a complicated scheme:
Imagine a transition from old_domain.com to new_domain.com: because users previously saved bookmarks (https://old_domain.com) in their Firefox browser, you need to pay money for a certificate for old_domain.com to successfully redirect them to new_domain.com.
Why do we need to pay for what we do NOT use (a certificate)?