On 9/13/2011 10:29 AM, Tei wrote:
*a random php programmer shows*
He, I just want to self-sign my CERT's and remove the ugly warning that browsers shows. I don't want to pay 1000$ a year, or 1$ a year for that. I just don't want to use cleartext for internet data transfer. HTTP is like telnet, and HTTPS is like ssh. But with ssh is just can connect, with browsers theres this ugly warning and "fuck you, self-signed certificate" from the browsers. Please make the pain stop!.
With ssh, you will get a warning if the remote host key is not known, with a fingerprint and advice not to accept it if you don't know if it is correct. This is a direct analog to the warning that the remote host's certificate cannot be verified. In both cases, you are given the chance to accept the key/certificate and continue going; depending on the implementation, you might also be given the option to accept it once or forever. Ssh is actually prone to bigger, uglier, more explicit "you probably don't want to trust this" warnings, especially about things like key changes.