I'm just now loading FF3. Like IE8, they got a lot more paranoid about bad SSL certs. They've gone beyond just coloring the toolbar orange, and are now fully blocking bad SSL sites..
This is a bad thing for us IT wonks. Every appliance and web-ap comes with an SSL functionality these days, and all too many of these use a self-signed cert. Unfortunately, FF3 blocks access to these sites by default and you have to add an exception (a multi-click, "are you SURE you want to do this"? procedure) for each one. All but about 5 of our HP servers have iLO cards with certificates are self-signed, so that's A LOT of sites that'll need to get added.
I'm sure there is a, "Don't be paranoid about SSL Certs," setting somewhere in about:config, but I haven't looked.
Like IE8, this will push the IT administration industry to be less lazy about SSL compliance. We need that, but it'll be 5 years before we really get there. As that's how long it'll take to phase out old "self-signed is good enough for internal use" software and widgets.
This is a bad thing for us IT wonks. Every appliance and web-ap comes with an SSL functionality these days, and all too many of these use a self-signed cert. Unfortunately, FF3 blocks access to these sites by default and you have to add an exception (a multi-click, "are you SURE you want to do this"? procedure) for each one. All but about 5 of our HP servers have iLO cards with certificates are self-signed, so that's A LOT of sites that'll need to get added.
I'm sure there is a, "Don't be paranoid about SSL Certs," setting somewhere in about:config, but I haven't looked.
Like IE8, this will push the IT administration industry to be less lazy about SSL compliance. We need that, but it'll be 5 years before we really get there. As that's how long it'll take to phase out old "self-signed is good enough for internal use" software and widgets.