PDA

View Full Version : Personal Certificates in 5.5?


j.a.duke
2006-04-13, 05:04 PM
I have a colleague at MIT who needs personal certificate support to access their secure pages and OW 5.1.x doesn't support that.

Will 5.5 add the support required for this? Since I'm not at MIT, I can't test this. He indicated to me that Camino, Safari 2.x, and "ancient" versions of Netscape all offer support.

He's a big fan of OW now, but has to revert back to another browser to get work done (as he puts it).

Thanks for any feedback on this.

Cheers,
Jon

marc
2006-04-17, 08:44 PM
Certificate support is something that Camino has added fairly recently (done rather well, BTW) and it's been something I've missed from OmniWeb -- e.g. having to switch to Safari to create and save email certs to the Keychain.

I've assumed that this would be something that would be picked up when moving to WebKit, but I'm not sure how much extra work will be required...?

Cortig
2006-04-18, 10:45 AM
I have a colleague at MIT who needs personal certificate support to access their secure pages and OW 5.1.x doesn't support that.



Talking about Certificates, I'dlike to be able to import Server certificates in my Keychain from OW itself.
I sometimes connect to sites with self-signed certificates and the current procedure for importing the cert in my x509 anchors is a bit tedious :(

NickM
2006-04-18, 07:24 PM
As an MIT student, I would heartily endorse the support of client side certificates and being able to add a self-signed cert to the X509 anchors from Omniweb. I think there is a bug in the current Safari in that it doesn't work with multiple client certificates, it only works with the first one you add. Still, that is better than nothing.

<rant>From a usability standpoint, SSL certificates and client certificates have to be one of the worst technologies ever invented. Large organizations frequently don't get their certs signed because it is to expensive and onerous and users don't have much choice but to ignore all dialogs because they know they have no idea what they are saying</rant>

Cortig
2006-04-18, 07:57 PM
<rant>From a usability standpoint, SSL certificates and client certificates have to be one of the worst technologies ever invented. Large organizations frequently don't get their certs signed because it is to expensive and onerous and users don't have much choice but to ignore all dialogs because they know they have no idea what they are saying</rant>

I blame it all on the Network Admins for not properly distributing the self-signed certificates!!!


Corentin

NickM
2006-04-19, 07:23 PM
I blame it all on the Network Admins for not properly distributing the self-signed certificates!!!

You can put the blame where you want, but I have been an associate of a couple of large technical organizations (such as MIT) with more than 10k users and they're still using self-signed certs or unencrypted connections. Distributing certs to so many users is impractical---the users have to self-provision (on every browser installation they use).

I think the technology is to blame if the users (the system administrators) aren't interested or able to avoid having their users manage certificates themselves. Basically, no one likes dealing with certificates, not the browser vendors, not the server maintainers, not the network admins, not the end users. Somehow it works in limited cases, but it's always a pain in the ass for the person who deals with the certs.

Cortig
2006-04-19, 07:51 PM
You can put the blame where you want,

Sorry Nick, I should have been more clear: I was speaking by personal experience and here the certs have simply *not* been made available by the Admins (actually I even received a nasty-gram when I asked for the public cert).
I didn't mean all admins everywhere were to blame :)

Corentin