Firefox 3: Too Secure?

Over the past few weeks, I have received many e-mails about an issue with Firefox 3. So, today, we’re going to sort this mess out!

How many of you Firefox users out there have seen this screen before?

I know I have. When I first saw that screen, I thought, “I better get away from this site!”

I would expect that if you saw a screen like that, it would make you think something is very wrong. Usually, I would recommend leaving a Web site like that alone, but after doing some reading, it looks like that error doesn’t always mean the site is bad or insecure. I know that may seem confusing, so come along with me while I explain everything!

In order to understand what the box means, we’ll need to go over how security certificates work.

When you visit a secure Web site (sites beginning with https://), the company that owns the site must have a security certificate to help encrypt the data. Most sites that have security certificates purchase them from a provider. Those providers ensure that the site is legitimate before issuing the certificate. When a company purchases the certificates from a well known provider, Firefox recognizes that and it doesn’t give the initial warning. That’s how most Web sites do business. They pay big bucks for security certificates.

While that may be the way most Web sites work, it’s not the way they all work. Some sites want to have a secure connection, but they don’t want to pay a provider, so they try to write their own certificates. “Self-signed” certificates provide a secure connection, but they don’t have the backing of a well known certificate provider to verify the authenticity of the site. When you visit a site that has a self-signed certificate, Firefox warns you with the error message you saw before.

So, the error is telling you the site you’re trying to visit is secure, but it hasn’t been verified as a safe site by a well known certificate provider.

Now, I’m sure some of you are asking, “What should I do if I see an error like that? Should I trust the site?”

That’s a good question and the answer really depends on the Web site. Keep in mind that not all sites that show the error are safe. If they were all safe, Firefox wouldn’t have to worry about the error in the first place. If you come across an error like that on a Web site you’re trying to visit, you have to use some common sense to determine if it’s safe or not. You should ask yourself these questions:

1.) Have I been to this site before?
2.) Do I recognize the address of the site as a known safe site?
3.) Do I really need to go to this site?

If you answered yes to all three questions, you can get past the error and still visit the site. To do that, follow these steps:

Note: Please, please, please make absolutely certain that the site is safe before continuing. Going to an unsafe site can cause major security issues. The reason I’m writing this article is because this is a new feature that only Firefox has. Many people say the error makes Firefox “too secure” and it blocks sites that are completely legitimate. I just want you to be informed and to know about the errors you’re seeing.

First, click on the link at the bottom of the box that says “Or, you can add an exception.”

Next, click on the Add Exception button.

Now, click on the Get Certificate button.

Finally, click on the Confirm Security Exception button.

After the last step, you will be allowed to go to the Web site. Until next time, stay safe out there, my friends!

~ Gary