[scribus] Scribus Websites use a self-signed SSL certificate

Tornóci László torlasz at net.sote.hu
Sat Jun 25 05:55:50 UTC 2011


On 06/25/2011 01:43 AM, O. Moskalenko wrote:
> * Barry McKenna<bmcken at pobox.com>  [2011-06-24 14:57:02 -0700]:
>
>> Re: my post above on the cursor/frame issue:
>>
>> I went to Mantis, intending to get the # for that report that I
>> filed and my Firefox was giving me major warnings about the security
>> of the Mantis:
>>
>> Untrusted connection.
...
>> Barry McKenna

> To Barry and anyone else who is wondering what's happening here is the
> official explanation from the team. All Scribus websites available through a
> secure connection use our self-signed SSL certificate. Therefore, every
> browser will warn you about it in the worst way possible as they don't appear
> to have any good ideas about presenting correct certificate information.
...
> Alex who actually generated and signed the certificate.

Suggestion: publish the cert of your root CA, and describe how to import 
it into different browsers. Here is a good example (the line may end up 
broken in your mail reader):
http://www.wallawalla.edu/resources/information-technology-services/computer-helpdesk/connecting-to-the-internet/connecting-my-computer/help/wwus-root-ca-certificate/
Once you do this, all scribus sites will be accepted by the browser.

And one more point: https connections usually make sure 2 things
1. you are talking to the server you intended
2. your conversation with the server is encrypted (so passwords and 
other data are protected)

#2 works with any certificate. The problem is, #1 cannot be guaranteed 
with a self signed cert (anyone can produce a self signed cert that says 
it has been signed by the scribus team). That's why publishing the root 
CA of the Scribus team is a good idea.

					Yours: Laszlo



More information about the scribus mailing list