I'm trying to use a site that's https but has it's own certificate, and when I add an exception it still shows it as unsecure, with an exclamation on the padlock and when I click the padlock it says "Connection not secure" and "You are not securely connected to this site" in Firefox. I get similar things in Chrome, where https is actually crossed out and it says "Not secure" and "Your connection to this site is not secure." I even added the root certificates provided by the site and nothing changed. I'm having a hard time finding info specific to this, but from what I can tell (mainly based on this answer, though it's over a decade old and I'm not sure if things have changed), it seems it is a secure connection with regard to being an encrypted connection with the site that a MITM couldn't intercept, and it's only "unsecure" in the sense it can't verify I'm connected to the site/server I think I am. Is that correct? Because I've verified the fingerprint of the site with someone who has the proper certificates for their browser to verify it, but I'm wary based on the wording of the messages that info I submit on it could be intercepted. It seems like it's just poor wording, in which case it should probably be changed to be more clear, but I'd like to be sure before using it.
http://dlvr.it/ShxmDY
G:7-Security (Cyber Security Research and Global Information Security Services)
No comments:
Post a Comment