[clamav-users] bugzilla security certificate
Reindl Harald
h.reindl at thelounge.net
Sun Dec 11 23:30:11 UTC 2016
Am 12.12.2016 um 00:25 schrieb timeless:
>> Firefox reports:
>>> "bugs.clamav.net uses an invalid security certificate. The certificate is
>>> only valid for bugzilla.clamav.net Error code: SSL_ERROR_BAD_CERT_DOMAIN"
>
>>> You can bypass the warning if desired.
>
> (FWIW, Chrome also allows this)
>
> Benny Pedersen wrote:
>> worst advise you ever have giving here
>
> I think he meant that Firefox offers to allow you to continue past the
> warning (some warnings in SSL land are fatal) --
> Speaking as someone who was involved in this error message.
don't matter - instead of writing a mail that should have been just fixed
> Usability and Security are always tradeoffs. If a product is too
> hard/painful/cumbersome to use, it doesn't matter if it's the most
> secure, people will move away from it
it's not rocket science to deploy SSL certs which match the used
hostnames, at least not when it takes a few seconds to pase a vhost
config and verify if all the names are listed in the cert while the main
question is why a vhost needs that much names at all instead "THAT is
the name of the subdomain and THAT is the certificate for it"
More information about the clamav-users
mailing list