

Why does Google adsense have an invalid https certificate? (looks SCARY in Firefox 3) - petervandijck
http://poorbuthappy.com/ease/archives/2008/06/27/4218/google-has-an-invalid-https-security-certificate

======
notauser
The new unsigned SSL warnings are a massive overreaction - so much so that I
think Mozilla must have a deal with some certificate root companies to match
their Google deal.

For a great deal of what goes on over the internet unsigned SSL is just fine.
You don't care who you are dealing with, you just care that no one else can
listen in (and sometimes that it is the same guy as last time). You only need
authentication for banking, shopping and a few other corner cases.

~~~
jamess
The problem with "not caring who you're dealing with", is that it raises the
possibility that who you're actually dealing with is a man in the middle, who
is snooping on your traffic. If you get warned that a certificate is self-
signed or signed by an untrusted authority, then you either have to check the
key fingerprint or take a chance. Not that I'm happy with firefox taking this
choice away from you, mind.

------
coglethorpe
Try it with www.google.com instead of just google.com.

~~~
spydez
Exactly.

For some reason, Google has SSL certs for www.google.com, and tries to use
that cert for google.com connections too.

~~~
jamess
They used to have a far more expansive certificate, with a subject alt. name
good for *.google.com, and I think google.com as well, so they could use it on
subdomains like adsense.google.com. It was a really handy server for testing
TLS implementations with big complex certificates. It was also sort of
illegal, having both a common name and subject alt. names. However, the
certificate expired and they got a new one early this year, and now it's some
bog standard thwate issued cert, good only for one year (Hello! You have
billions, you can afford to get a certificate issued for more than a year at a
time guys!)

Anyway, you should really only be warned in the event of domain name mismatch.
This isn't a fatal error. I guess firefox has gone overboard on the treating
users like idiots front.

------
thwarted
These resized-by-the-browser images are getting really annoying, I've noticed
an uptick in it the six months or so. That image is completely unreadable with
the explicit height and width in the layout, and it's not overly big that
including it all without resizing would matter. Additionally, you have to
click /again/ to see the actual content.

