On Sat, 09 Dec 2006 23:17:12 -0600, "John H Meyers" <jhmeyers@xxxxxxxxxxxxxx>
>On Fri, 08 Dec 2006 18:24:05 -0600,
>Yngve Nysaeter Pettersen (Developer, Opera Software A/S):
>> Serious websites do not trigger warnings, certificate or otherwise.
>I'll give a counter-example -- we have a site for access only
>by some of our own executives, and we want to secure traffic
> from prying eyes via SSL; we are a small non-profit,
>and do not want to throw money at a CA, so we install
>a self-signed cert and accept it on the execs' computers,
>but we can do that only via other browsers.
Selfsigned certificates and root certificates from unknown chains can be
installed, that is what the install button is for.
And yes, I am referring to public access serious sites, but even private sites
should send a complete chain when the client might not have the root