Mozilla has introduced several new features into its newest version of Firefox, many of which are welcomed improvements.  One change that people aren’t to happy with, is the new security features that inhibit visitors from viewing certain websites that have expired or self-signed SSL certificates. 

Now, when you visit a website with either an expired or a self-signed SSL certificate, Firefox 3 will not show the page at all.  Instead, it now displays an error message similar to any other browser error- such as the feared “page not found” 404 message.  To get past this error page, users have to go through four different steps before they can access the website, which creates a huge usability problem, according to Pingdom. 

The problem isn’t small either, it’s effecting a surprisingly large amount of sites that all have expired certificates.  It’s estimated that nearly 18% of Fortune 1000 websites have expired SSL certificates, including respected sites such as the official US Army website.  All in all, the number of SSL websites has grown to over 600,000 in recent times, and with using the 18% figure, it results in some 108,000 websites that have invalid or un-signed SSL certificates.  Each and every one of these sites would now show an blank error page in Firefox 3.

It’s easy for sites to forget about their SSL certificates, and especially easy to forget about updating it.  A few prime examples are Google’s AdWords, Checkout, and GMail, as well as the popular LinkedIn social community who have been known for invalid SSL certificates.  In the past, browsers would just return a simple pop-up error notifying the guest of the problem and then quickly proceed to the site, but Firefox won’t have it.  They’ve vowed to make web-browsing more secure with its latest version, and it might just do it slowly but surely.

Since Firefox is increasingly becoming the browser of choice for most people, large-scale websites will almost have to start paying more attention to their SSL certificates to make sure visitors can always access their sites problem-free.  Jonathan Nightingale, who works with usability and security at Mozilla, had this to say when referring to the new SSL tactics; “I don’t think the approach in Firefox 3 is perfect, I’m not sure any of us do. I have filed bugs, and talked about things I think we could do to continue to enhance our users’ security while at the same time reducing unnecessary annoyances.”  I think a new approach would be welcomed at this point.  Until things change, here’s how to get around the problem and view websites that are showing the SSL errors;

1. The initial error page comes on the screen when accessing the site. It basically looks like any other error page that would show up when you can’t load a page. Note the little “Or you can add an exception…”
2. When you click on the link you get the two buttons ”Get me out of here!” and “Add exception”, as well as an additional warning.
3. Get the certificate, provided you clicked on “add exception”.
4. Accept the certificate.
5. Finally land on the actual page.