Self-Signed SSL Certificates (aka reply to your "world view" argument)
How might I become a trusted SSL certificate issuer? You guys have really been shaking things up the past few years, so that certificates have been the biggest pain in the ass of all time. Do I have to reinvent the entire internet just to sell products online? My 4096 bit SSL certificates generated with openssl have 8x more robust encryption than most of the bilge on the internet, and in a lot of cases, 16x more robust encryption, but your browsers shoot everything down -- literally everything.
People have to make money, guys -- you don't really understand. Nobody cares about your "world view." I don't do business with any of you, you're not the government, I need a secure encrypted website to sell online, but you won't stop complaining that my SSL certificates are somehow "untrusted." I think you have mistaken "untrusted" for "uncrackable by current state of the art," because rumor has it that Google's quantum computer has difficulty cracking 2048 bit SSL certificates.
Why do you need to crack everybody's website encryption anyway? Are you trying to intercept financial transactions? How does that make you more trustworthy than me who doesn't hack anyone? I just want to sell my products in an online storefront. I think you guys really need to get off of your moral high horse, because you seem like the enemy to just about everyone I've ever talked to in my life.
Don't be surprised when I release my own browser and start blocking your crappy 256 bit SSL certificates for being inferior and "insecure." I've kind of had it with Firefox, Chromium, Chrome, Edge, etc... It seems like a colossal waste of time for me to have to release my own damned browser just to sell a freaking t-shirt online in America. This is really capitalism at its worst.
All Replies (4)
Firefox doesn't issue certificate you need to search online and find the sites or government sites that issues those certificates. This is only a user help forum.
I actually kind of already knew that, markwarner22. I just wanted to poke the proverbial bear. I think I accomplished more than you might initially understand. A little post here, and a little meme there, and pretty soon you have people doing what you want them to do. You'll see...
The forum is for user help if you want to file a complain you can go to the SEC and submit a compliant there.
John E Petersen said
How might I become a trusted SSL certificate issuer?
The following wiki page has the details on Mozilla's process: https://wiki.mozilla.org/CA/Application_Process
You guys have really been shaking things up the past few years, so that certificates have been the biggest pain in the ass of all time.
Really? Once upon a time, companies could get away with charging an arm and a leg for SSL certificates. That is no longer the case, with free certs via Let's Encrypt, which was partially sponsored by Mozilla. With free auto-renewal, I don't have to worry about SSL certs any more. (There's also a free one in CPanel.)
But my site doesn't need a high-assurance EV certificate. If you're making money on your site, maybe you can justify the cost of one of those so your customers feel extra confident transacting with you.