Weird, what versions of those browsers? I have IE9 here and it's pre-installed.
I have been using it, hassle free (with the CA cert pre-installed on Chrome,FF & IE) since 2011 now...
Something must have been afoot with your testing - I'm not blaming you - I just can't see how it wouldn't have worked a year ago based on my experience with default browsers...
StartSSL *does* have a pre-installed CA cert on any browser I have tried. I'll be curious to know which browsers do not have it.
You know they actually do, right?
(On any browser I have tried in the last few years)
Just use a free TLS cert from StartSSL
You know you can get free SSL certificates, right?
Or Jibbers!
It's the only place I can get decent reception. Relocate your router and I'll gladly get off your lawn.
In the meantime, can you please give it a quick mow? It's getting long and tickly.
Unless your company/vendor forces you to use it externally, or will not provide said VM for internal sites.
I'm not agreeing that it's OK to use such a browser, just saying that it's not necessarily the users own fault. Companies can be idiots too when it comes to IT security.
I don't know his exact situation, but it's possible that the company he works at has an app that only works with IE6. There used to be many apps like this.
If this is such a case, the fuckwad is the company (for not hiring developers to upgrade the app) or the vendor that supplies the app without upgrading it (Maybe the company is still to blame for not moving to a more current product, or maybe there isn't one). Either way, the user that is forced to stick with the crappy browser is not necessarily the problem.
Though he might be!
You are correct in your understanding.
You can also check your privacy just by looking at the certificate for any site you are visiting over HTTPS. Check the certificate authority and make sure it looks legitimate. If you are unsure, you could look the cert up using an online service and compare the online version and your local version.
They should match but there always caveats - Maybe the site is using different certs on different parts of a CDN that has its own server cert installed in browsers. CloudFare is a good example of this - they can create valid certs as they please since they partnered with GlobalSign.
But your VM method should be just fine, yeah
Free ones (at least StartSSL) are recognized by most browsers that I have tried. That's an anecdotal, non-exhaustive list, of course. I'd be curious to find out what mainstream browsers do not recognise them though.
With StartSSL the actual cert generation is easier than that as they create the key on their server first and they ask for the forms on the site. No CSR is needed, though you can do it that way if you wish.
What is a tiny bit annoying is their authentication - you need a client authentication cert installed on your browser. Not hard in itself, but annoying if you have let the old one expire as they then need to review your request for a new one.
One other thing is verification that you own the domain, through various methods. Not hard to do, but automated and very necessary.
No
What? I think this thread is going off track somewhat. I don't think Dave420 was talking about Client Auth certs. He was talking about root certs installed on the clients. Without the standard set of root and intermediate certs installed on the client (Installed by default on web browsers and some other clients such as Java virtual machines etc), TLS will not work (Well it will, but there will be warnings).
What Dave420 meant was that for the appliances and software solutions that cache/inspect the TLS traffic can only do so if a new root cert is installed on the client. This root cert enables the MITM device to create its own cert for any website without the client throwing up a warning.
Nothing to do with client auth.
Except modern browsers and servers support SNI, so the hostname is now sent as plaintext on the network.
The Tao is like a glob pattern: used but never used up. It is like the extern void: filled with infinite possibilities.
