Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-13 05:15:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 282893 Properly indent children in help files especially <div> cert_dialog_help fixes

Browse Source 
p=giacomo.magnini@portalis.it r=me
This commit is contained in:
bugzilla%arlen.demon.co.uk 2005-02-27 23:05:25 +00:00
parent b165e1ff80
commit 6ab883bbd3
1 changed files with 380 additions and 317 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

697
extensions/help/resources/locale/en-US/cert_dialog_help.xhtml
View File

@ -1,24 +1,29 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" [
<!ENTITY % brandDTD SYSTEM "chrome://global/locale/brand.dtd" >
%brandDTD;
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"[
<!ENTITY % brandDTD SYSTEM "chrome://global/locale/brand.dtd" >
%brandDTD;
]>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Certificate Information and Decisions</title>
<link rel="stylesheet" type="text/css" href="chrome://help/locale/helpFileLayout.css"/>
<title>Certificate Information and Decisions</title>
<link rel="stylesheet" href="chrome://help/locale/helpFileLayout.css"
type="text/css"/>
</head>
<body>
<div class="boilerPlate">This document is provided for your information only.
It may help you take certain steps to protect the privacy and security of your personal
information on the Internet. This document does not, however, address all online privacy
and security issues, nor does it represent a recommendation about what
constitutes adequate privacy and security protection on the Internet.</div>
<h1 id="certificate_information_and_decisions">Certificate Information and Decisions</h1>
<div class="boilerPlate">This document is provided for your information only.
It may help you take certain steps to protect the privacy and security of
your personal information on the Internet. This document does not, however,
address all online privacy and security issues, nor does it represent a
recommendation about what constitutes adequate privacy and security
protection on the Internet.</div>
<h1 id="certificate_information_and_decisions">Certificate Information and
Decisions</h1>
<p>This section describes how to use various windows displayed at different times by
Certificate Manager. The additional information given here appears when you click
the Help button in one of those windows.</p>
@ -37,27 +42,28 @@
<h2 id="certificate_viewer">Certificate Viewer</h2>
<p>The Certificate Viewer displays information about a certificate you selected
in one of the Certificate Manager tabs. The General tab summarizes
information about who issued the certificate, its verification status, what
the certificate can be used for, and so on. The Details tab provides complete
details on the certificate&apos;s contents.</p>
<p>The Certificate Viewer displays information about a certificate you selected in
one of the Certificate Manager tabs. The General tab summarizes information about
who issued the certificate, its verification status, what the certificate can be
used for, and so on. The Details tab provides complete details on the
certificate&apos;s contents.</p>
<p>If you are not currently viewing the Certificate Viewer, follow these steps:</p>
<p>If you are not currently viewing the Certificate Viewer, follow these
steps:</p>
<ol>
<li>Open the <span class="mac">&brandShortName;</span>
<span class="noMac">Edit</span> menu and choose Preferences.</li>
<li>Under the Privacy &amp; Security category, click Certificates. (If no
subcategories are visible, double-click Privacy &amp; Security to expand the list.)</li>
<li>Click Manage Certificates.</li>
<li>Click the tab for the type of certificate whose details you want to view.</li>
<li>Select the certificate whose details you want to view.</li>
<li>Click View.</li>
<li>Open the <span class="mac">&brandShortName;</span>
<span class="noMac">Edit</span> menu and choose Preferences.</li>
<li>Under the Privacy &amp; Security category, click Certificates. (If no
subcategories are visible, double-click Privacy &amp; Security to expand
the list.)</li>
<li>Click Manage Certificates.</li>
<li>Click the tab for the type of certificate whose details you want to
view.</li>
<li>Select the certificate whose details you want to view.</li>
<li>Click View.</li>
</ol>
<div class="contentsBox">In this section:
<ul>
<li><a href="#general_tab">General Tab</a></li>
@ -67,247 +73,281 @@
<h3 id="general_tab">General Tab</h3>
<p>When you first open the Certificate Viewer, the General tab displays several kinds
of information about the selected certificate:</p>
<p>When you first open the Certificate Viewer, the General tab displays several
kinds of information about the selected certificate:</p>
<ul>
<li><strong>This certificate has been verified for the following uses:</strong>
See <a href="glossary.xhtml#certificate_verification">certificate verification</a>
for a discussion of how the Certificate Manager verifies certificates. Uses can
include any of the following:
<li><strong>This certificate has been verified for the following
uses:</strong> See
<a href="glossary.xhtml#certificate_verification">certificate verification</a>
for a discussion of how the Certificate Manager verifies certificates. Uses
can include any of the following:
<ul>
<li><strong>SSL Client Certificate:</strong> Certificate used to identify you
to websites.</li>
<li><strong>SSL Server Certificate:</strong> Certificate used to identify a
website server to browsers.</li>
<li><strong>Email Signer Certificate:</strong> Certificate used to identify you
for the purposes of digitally signing email messages.</li>
<li><strong>Email Recipient Certificate:</strong> Certificate used to identify
someone else, for example so you can send that person encrypted email.</li>
<li><strong>Status Responder Certificate:</strong> Certificate used to identify
an online status responder that uses the Online Certificate Status Protocol
(OCSP) to check the validity of certificates. For more information about
OCSP, see <a href="validation_help.xhtml">Validation Settings</a>.</li>
<li><strong>SSL Certificate Authority:</strong> Certificate used to identify
a certificate authority&mdash;that is, a service that issues certificates for
use as identification over computer networks.</li>
<li><strong>SSL Client Certificate:</strong> Certificate used to identify
you to websites.</li>
<li><strong>SSL Server Certificate:</strong> Certificate used to identify
a website server to browsers.</li>
<li><strong>Email Signer Certificate:</strong> Certificate used to
identify you for the purposes of digitally signing email messages.</li>
<li><strong>Email Recipient Certificate:</strong> Certificate used to
identify someone else, for example so you can send that person
encrypted email.</li>
<li><strong>Status Responder Certificate:</strong> Certificate used to
identify an online status responder that uses the Online Certificate
Status Protocol (OCSP) to check the validity of certificates. For more
information about OCSP, see
<a href="validation_help.xhtml">Validation Settings</a>.</li>
<li><strong>SSL Certificate Authority:</strong> Certificate used to
identify a certificate authority&mdash;that is, a service that issues
certificates for use as identification over computer networks.</li>
</ul>
</li>
<li><strong>Issued To:</strong> Summarizes the following information about the
certificate:
<ul>
<li><strong>Common Name:</strong> The name of the person or other entity that
the certificate identifies.</li>
<li><strong>Organization:</strong> The name of the organization to which the
entity belongs (such as the name of a company).</li>
<li><strong>Organizational Unit:</strong> The name of the organizational unit
to which the entity belongs (such as Accounting Department).</li>
<li><strong>Serial Number:</strong> The certificate&apos;s serial number.</li>
</ul>
</li>
<li><strong>Issued By:</strong> Summarizes information (similar to that provided
under <q>Issued To</q>; see above) about the certificate authority (CA)
that issued the certificate.</li>
<li><strong>Validity:</strong> Indicates the period during which the certificate
is valid.</li>
<li><strong>Fingerprints:</strong> Lists the certificate&apos;s fingerprints. A
fingerprint is a unique number produced by applying a mathematical function to
the certificate contents. A certificate&apos;s fingerprint can be used to verify
that the certificate has not been tampered with.</li>
</ul>
</li>
<li><strong>Issued To:</strong> Summarizes the following information about
the certificate:
<ul>
<li><strong>Common Name:</strong> The name of the person or other entity
that the certificate identifies.</li>
<li><strong>Organization:</strong> The name of the organization to which
the entity belongs (such as the name of a company).</li>
<li><strong>Organizational Unit:</strong> The name of the organizational
unit to which the entity belongs (such as Accounting Department).</li>
<li><strong>Serial Number:</strong> The certificate&apos;s serial
number.</li>
</ul>
</li>
<li><strong>Issued By:</strong> Summarizes information (similar to that
provided under <q>Issued To</q>; see above) about the certificate authority
(CA) that issued the certificate.</li>
<li><strong>Validity:</strong> Indicates the period during which the
certificate is valid.</li>
<li><strong>Fingerprints:</strong> Lists the certificate&apos;s fingerprints.
A fingerprint is a unique number produced by applying a mathematical
function to the certificate contents. A certificate&apos;s fingerprint can
be used to verify that the certificate has not been tampered with.</li>
</ul>
<h3 id="details_tab">Details Tab</h3>
<p>Click the Details tab at the top of the Certificate Viewer to see more detailed
information about the selected certificate. To examine information for any certificate
in the Certificate Hierarchy area, select its name, select the field under Certificate
Fields that you want to examine, and read the field&apos;s value under Field Value:</p>
<p>Click the Details tab at the top of the Certificate Viewer to see more
detailed information about the selected certificate. To examine information
for any certificate in the Certificate Hierarchy area, select its name,
select the field under Certificate Fields that you want to examine, and
read the field&apos;s value under Field Value:</p>
<ul>
<li><strong>Certificate Hierarchy:</strong> Displays the certificate chain, with the
certificate you originally selected at the bottom. A certificate chain is a
hierarchical series of certificates signed by successive certificate authorities
(CAs). A CA certificate identifies a <a href="glossary.xhtml#certificate_authority">certificate authority</a> and is
used to sign certificates issued by that authority. A CA certificate can in turn
be signed by the CA certificate of a parent CA and so on up to a <a href="glossary.xhtml#root_ca">root CA</a>.</li>
<li><strong>Certificate Fields:</strong> Displays the fields of the certificate
selected under Certificate Hierarchy.</li>
<li><strong>Field Value:</strong> Displays the value of the field selected under
Certificate Fields.</li>
<li><strong>Certificate Hierarchy:</strong> Displays the certificate chain,
with the certificate you originally selected at the bottom. A certificate
chain is a hierarchical series of certificates signed by successive
certificate authorities (CAs). A CA certificate identifies a
<a href="glossary.xhtml#certificate_authority">certificate authority</a>
and is used to sign certificates issued by that authority. A CA certificate
can in turn be signed by the CA certificate of a parent CA and so on up to
a <a href="glossary.xhtml#root_ca">root CA</a>.</li>
<li><strong>Certificate Fields:</strong> Displays the fields of the
certificate selected under Certificate Hierarchy.</li>
<li><strong>Field Value:</strong> Displays the value of the field selected
under Certificate Fields.</li>
</ul>
<p>The Certificate Viewer displays basic ANSI types in human-readable form wherever
possible. For fields whose contents the Certificate Manager cannot interpret, it
displays the actual values contained in the certificate.</p>
<p>The Certificate Viewer displays basic ANSI types in human-readable form
wherever possible. For fields whose contents the Certificate Manager cannot
interpret, it displays the actual values contained in the certificate.</p>
<h2 id="choose_security_device">Choose Security Device</h2>
<p>A security device (sometimes called a token) is a hardware or software device that
provides cryptographic services such as encryption and decryption and stores
certificates and keys. The Choose Security Device window appears when Certificate
Manager needs help deciding which security device to use when importing a certificate
or performing a cryptographic operation, such as generating keys for a new
certificate. This window allows you to select one of two or more security devices
that Certificate Manager has detected on your machine.</p>
<p>A security device (sometimes called a token) is a hardware or software
device that provides cryptographic services such as encryption and decryption
and stores certificates and keys. The Choose Security Device window appears
when Certificate Manager needs help deciding which security device to use
when importing a certificate or performing a cryptographic operation, such as
generating keys for a new certificate. This window allows you to select one
of two or more security devices that Certificate Manager has detected on your
machine.</p>
<p>A smart card is one example of a security device. For example, if a smart card reader
connected to your computer has a smart card inserted in it, the name of the smart card
will show up in the drop-down menu. In this case, you must choose the name of the smart
card from the menu to let Certificate Manager know that you want to use it.</p>
<p>A smart card is one example of a security device. For example, if a smart
card reader connected to your computer has a smart card inserted in it, the
name of the smart card will show up in the drop-down menu. In this case, you
must choose the name of the smart card from the menu to let Certificate
Manager know that you want to use it.</p>
<p>The Certificate Manager also supplies its own default, built-in security device, which
can always be used no matter what additional devices are or aren&apos;t available.</p>
<p>The Certificate Manager also supplies its own default, built-in security
device, which can always be used no matter what additional devices are or
aren&apos;t available.</p>
<h2 id="encryption_key_copy">Encryption Key Copy</h2>
<p><a href="glossary.xhtml#certificate_authority">Certificate authorities (CAs)</a>
that issue separate signing and encryption email certificates typically make backup
copies of your private <a href="glossary.xhtml#encryption_key">encryption key</a> during
the certificate enrollment process.</p>
that issue separate signing and encryption email certificates typically make
backup copies of your private
<a href="glossary.xhtml#encryption_key">encryption key</a> during the
certificate enrollment process.</p>
<p>The Encryption Key Copy dialog box allows you to approve the creation of such a backup
or cancel the certificate request. A CA that has archived a backup copy of your
encryption key has the potential capability of decrypting any messages you receive that
were encrypted with your corresponding public key.</p>
<p>The Encryption Key Copy dialog box allows you to approve the creation of
such a backup or cancel the certificate request. A CA that has archived a
backup copy of your encryption key has the potential capability of
decrypting any messages you receive that were encrypted with your
corresponding public key.</p>
<p>You can take these actions from the Encryption Key Copy dialog box:</p>
<ul>
<li><strong>View Certificate:</strong> To view the certificate identifying the CA that
is requesting the backup copy, click View Certificate.</li>
<li><strong>OK:</strong> If you trust the CA identified by the CA certificate to decrypt
encrypted messages that you receive, click OK.
<p>If you are not sure whether to trust the CA that is requesting the backup copy, talk
to your system administrator.</p></li>
<li><strong>Cancel:</strong> If you don&apos;t trust the CA that is requesting the backup
copy, don&apos;t request a certificate from it. Click Cancel to stop both the backup
procedure and the request for a certificate.</li>
<li><strong>View Certificate:</strong> To view the certificate identifying
the CA that is requesting the backup copy, click View Certificate.</li>
<li><strong>OK:</strong> If you trust the CA identified by the CA certificate
to decrypt encrypted messages that you receive, click OK.
<p>If you are not sure whether to trust the CA that is requesting the
backup copy, talk to your system administrator.</p>
</li>
<li><strong>Cancel:</strong> If you don&apos;t trust the CA that is
requesting the backup copy, don&apos;t request a certificate from it. Click
Cancel to stop both the backup procedure and the request for a
certificate.</li>
</ul>
<p>After your CA makes a backup copy of the encryption key, you will be able to use that key
to access your encrypted mail even if you lose your password or lose your own copy of
the key. If no backup copy of your encryption key exists and you lose your password or
the key, you will have no way of reading email messages that were encrypted with that key.</p>
<p>After your CA makes a backup copy of the encryption key, you will be able to
use that key to access your encrypted mail even if you lose your password or
lose your own copy of the key. If no backup copy of your encryption key
exists and you lose your password or the key, you will have no way of reading
email messages that were encrypted with that key.</p>
<h2 id="certificate_backup">Certificate Backup</h2>
<p>When you receive a certificate, make a backup copy of the certificate and its private key,
then store the copy in a safe place. For example, you can put the copy on a floppy disk and
store it with other valuable items under lock and key. That way, even if you have hard disk
or file corruption problems, you can easily restore the certificate.</p>
<p>When you receive a certificate, make a backup copy of the certificate and
its private key, then store the copy in a safe place. For example, you can
put the copy on a floppy disk and store it with other valuable items under
lock and key. That way, even if you have hard disk or file corruption
problems, you can easily restore the certificate.</p>
<p>It can be inconvenient, at best, and in some situations catastrophic to lose your certificate
and its associated private key, depending on what you use it for. For example:</p>
<p>It can be inconvenient, at best, and in some situations catastrophic to lose
your certificate and its associated private key, depending on what you use it
for. For example:</p>
<ul>
<li>If you lose a certificate that identifies you to important websites, you will not be
able to access those websites until you obtain a new certificate. </li>
<li>If you lose a certificate used to encrypt email messages, you will not be able to read
any of your encrypted email&mdash;including both encrypted messages that you have sent and
encrypted messages that you have received. In this case, if you cannot obtain a backup of
the private encryption key associated with the certificate, you will never be able to read
any of the messages encrypted with that key.</li>
<li>If you lose a certificate that identifies you to important websites, you
will not be able to access those websites until you obtain a new
certificate. </li>
<li>If you lose a certificate used to encrypt email messages, you will not
be able to read any of your encrypted email&mdash;including both encrypted
messages that you have sent and encrypted messages that you have received.
In this case, if you cannot obtain a backup of the private encryption key
associated with the certificate, you will never be able to read any of the
messages encrypted with that key.</li>
</ul>
<p>Like any other valuable data, certificates should be backed up to avoid future
trouble and expense. Do it now so you don&apos;t forget.</p>
<p>Like any other valuable data, certificates should be backed up to avoid
future trouble and expense. Do it now so you don&apos;t forget.</p>
<h2 id="user_identification_request">User Identification Request</h2>
<p>Some websites require that you identify yourself with a certificate rather than a name
and password, because certificates provide a more reliable form of identification. This
method of identifying yourself over the Internet is sometimes called
<p>Some websites require that you identify yourself with a certificate rather
than a name and password, because certificates provide a more reliable form
of identification. This method of identifying yourself over the Internet is
sometimes called
<a href="glossary.xhtml#client_authentication">client authentication</a>.</p>
<p>However, Certificate Manager may have more than one certificate on file that can be used
for the purposes of identifying yourself to a website. In this case, Certificate Manager
presents the User Identification Request dialog box, which displays two kinds of
<p>However, Certificate Manager may have more than one certificate on file that
can be used for the purposes of identifying yourself to a website. In this
case, Certificate Manager presents the User Identification Request dialog
box, which displays two kinds of information:</p>
<p><strong>This site has requested that you identify yourself with a
certificate:</strong> This section of the dialog box lists the following
information:</p>
<p><strong>This site has requested that you identify yourself with a certificate:</strong>
This section of the dialog box lists the following information:</p>
<ul>
<li><strong>Host name:</strong> The name of the server requesting identification,
used as part of its URL. For example, the host name for the Netscape website
is <tt>home.netscape.com</tt>.</li>
<li><strong>Organization:</strong> The name of the organization that runs the web
site.</li>
<li><strong>Issued under:</strong> The name of the
<a href="glossary.xhtml#certificate_authority">certificate authority
(CA)</a> that issued the certificate.</li>
</ul>
<ul>
<li><strong>Host name:</strong> The name of the server requesting
identification, used as part of its URL. For example, the host name for the
Netscape website is <tt>home.netscape.com</tt>.</li>
<li><strong>Organization:</strong> The name of the organization that runs the
web site.</li>
<li><strong>Issued under:</strong> The name of the
<a href="glossary.xhtml#certificate_authority">certificate authority (CA)</a>
that issued the certificate.</li>
</ul>
<p><strong>Choose a certificate to present as identification:</strong> The certificates you
have available for the purposes of identifying yourself to a website are listed in the
drop-down list in this section of the dialog box. Choose the certificate that seems most
likely to be recognized by the website you want to visit.</p>
<p><strong>Choose a certificate to present as identification:</strong> The
certificates you have available for the purposes of identifying yourself to a
website are listed in the drop-down list in this section of the dialog box.
Choose the certificate that seems most likely to be recognized by the website
you want to visit.</p>
<p>To help you decide, the following details of the selected certificate are displayed:</p>
<ul>
<li><strong>Issued to:</strong> Lists information about the person identified by the
certificate (for example, your name and email address) and the certificate&apos;s
serial number and validity dates.</li>
<li><strong>Issued by:</strong> Summarizes information about the CA that issued the
certificate, such as its name, location, and state.</li>
</ul>
<p>To help you decide, the following details of the selected certificate are
displayed:</p>
<ul>
<li><strong>Issued to:</strong> Lists information about the person identified
by the certificate (for example, your name and email address) and the
certificate&apos;s serial number and validity dates.</li>
<li><strong>Issued by:</strong> Summarizes information about the CA that
issued the certificate, such as its name, location, and state.</li>
</ul>
<h2 id="new_certificate_authority">New Certificate Authority</h2>
<p>The certificates that the Certificate Manager has on file, whether stored on your computer
or on an external security device such as a smart card, include certificates that
identify <a href="glossary.xhtml#certificate_authority">certificate authorities
(CAs)</a>. To be able to recognize any other certificates it has on file, Certificate
Manager must have certificates for the CAs that issued or authorized issuance of those
certificates.</p>
<p>The certificates that the Certificate Manager has on file, whether stored on
your computer or on an external security device such as a smart card, include
certificates that identify
<a href="glossary.xhtml#certificate_authority">certificate authorities (CAs)</a>.
To be able to recognize any other certificates it has on file, Certificate
Manager must have certificates for the CAs that issued or authorized issuance
of those certificates.</p>
<p>When you decide to trust a CA, Certificate Manager downloads that CA&apos;s certificate and can
then recognize the kinds of certificates you trust that CA to issue.</p>
<p>When you decide to trust a CA, Certificate Manager downloads that CA&apos;s
certificate and can then recognize the kinds of certificates you trust that
CA to issue.</p>
<p>Before downloading a new CA certificate, Certificate Manager allows you to specify the
purposes for which you trust the certificate, if at all. You can select any of the
following options:</p>
<p>Before downloading a new CA certificate, Certificate Manager allows you to
specify the purposes for which you trust the certificate, if at all. You can
select any of the following options:</p>
<ul>
<li><strong>Trust this CA to identify websites: </strong>Website certificates for some
sites, such as those that handle financial transactions, can be extremely important,
and inappropriate or false identification can have negative consequences.</li>
<li><strong>Trust this CA to identify email users: </strong>If you intend to send email
users confidential information in encrypted form, or if accurate identification of
email users is important to you for any other reason, you should consider carefully the
CA&apos;s procedures for identifying prospective certificate owners and whether they are
appropriate for your purposes before selecting this option.</li>
<li><strong>Trust this CA to identify software developers:</strong> Selecting this option
means that you trust the CA to issue certificates that identify the origin of Java
applets and JavaScript scripts requesting special access to your computer, such as the
ability to change files. Since such access privileges can be misused, for example to
destroy data stored on your hard disk, be very careful about selecting this option
unless you are certain that you trust the CA for this purpose.</li>
<li><strong>Trust this CA to identify websites:</strong> Website certificates
for some sites, such as those that handle financial transactions, can be
extremely important, and inappropriate or false identification can have
negative consequences.</li>
<li><strong>Trust this CA to identify email users:</strong> If you intend to
send email users confidential information in encrypted form, or if accurate
identification of email users is important to you for any other reason, you
should consider carefully the CA&apos;s procedures for identifying
prospective certificate owners and whether they are appropriate for your
purposes before selecting this option.</li>
<li><strong>Trust this CA to identify software developers:</strong> Selecting
this option means that you trust the CA to issue certificates that identify
the origin of Java applets and JavaScript scripts requesting special access
to your computer, such as the ability to change files. Since such access
privileges can be misused, for example to destroy data stored on your hard
disk, be very careful about selecting this option unless you are certain
that you trust the CA for this purpose.</li>
</ul>
<p>Before you decide to trust a new CA, make sure that you know who is operating it. Make
sure the CA&apos;s policies and procedures are appropriate for the kinds of certificates it
issues. For example, if the CA issues certificates identifying websites you use for
financial transactions, make sure you are comfortable with the level of assurance the CA
<p>Before you decide to trust a new CA, make sure that you know who is
operating it. Make sure the CA&apos;s policies and procedures are
appropriate for the kinds of certificates it issues. For example, if the CA
issues certificates identifying websites you use for financial transactions,
make sure you are comfortable with the level of assurance the CA
provides.</p>
<ul>
<li><strong>View:</strong> Click this button to view the CA certificate you are about to
download. If you decide you don&apos;t want to download this certificate, click Cancel.</li>
<li><strong>View:</strong> Click this button to view the CA certificate you
are about to download. If you decide you don&apos;t want to download this
certificate, click Cancel.</li>
</ul>
<h2 id="web_site_certificates">Website Certificates</h2>
<p>One of the windows listed here may appear when you attempt to go to a website that
supports the use of <a href="glossary.xhtml#ssl">SSL</a> for
<p>One of the windows listed here may appear when you attempt to go to a
website that supports the use of <a href="glossary.xhtml#ssl">SSL</a> for
<a href="glossary.xhtml#authentication">authentication</a> and
<a href="glossary.xhtml#encryption">encryption</a>.</p>
<div class="contentsBox">In this section:
<ul>
<li><a href="#web_site_certified_by_an_unknown_authority">Website Certified by an Unknown Authority</a></li>
<li><a href="#web_site_certified_by_an_unknown_authority">Website Certified
by an Unknown Authority</a></li>
<li><a href="#server_certificate_expired">Server Certificate Expired</a></li>
<li><a href="#server_certificate_not_yet_valid">Server Certificate Not Yet Valid</a></li>
<li><a href="#server_certificate_not_yet_valid">Server Certificate Not Yet
Valid</a></li>
<li><a href="#domain_name_mismatch">Domain Name Mismatch</a></li>
</ul>
</div>
@ -315,169 +355,192 @@ were encrypted with your corresponding public key.</p>
<h3 id="web_site_certified_by_an_unknown_authority">Website Certified by an Unknown
Authority</h3>
<p>Many websites use certificates to identify themselves when you visit the site. If
Certificate Manager doesn&apos;t recognize the <a href="glossary.xhtml#certificate_authority">
certificate authority (CA)</a> that issued a website&apos;s certificate, it displays an alert
that allows you to examine the new website certificate and decide what to do.</p>
<p>Many websites use certificates to identify themselves when you visit the
site. If Certificate Manager doesn&apos;t recognize the
<a href="glossary.xhtml#certificate_authority"> certificate authority (CA)</a>
that issued a website&apos;s certificate, it displays an alert that allows
you to examine the new website certificate and decide what to do.</p>
<ul>
<li><strong>Examine Certificate:</strong> Click this button to view the website&apos;s
certificate.</li>
<li><strong>Examine Certificate:</strong> Click this button to view the
website&apos;s certificate.</li>
</ul>
<p>You can choose one of these options from this alert:</p>
<ul>
<li><strong>Accept this certificate permanently.</strong> Select this option to accept
the certificate (despite the apparent problem) and connect to the website.
Certificate Manager will recognize this certificate as legitimate identification until
the certificate expires.</li>
<li><strong>Accept this certificate temporarily for this session.</strong> Select this
option to accept the certificate temporarily and connect to the website. Certificate
Manager will recognize this certificate as legitimate identification only until the
next time you launch the browser. You may see the same alert the next time you attempt
to visit the website.</li>
<li><strong>Do not accept this certificate and do not connect to this website.</strong>
Select this option if you decide not to visit the website at all. This option might be
appropriate, for example, if you perform financial transactions at the website. In
this case you might want to report the problem to the bank or other organization that
runs the site and confirm that the site&apos;s certificate is valid before you go any
further.</li>
<ul>
<li><strong>Accept this certificate permanently.</strong> Select this option
to accept the certificate (despite the apparent problem) and connect to the
website. Certificate Manager will recognize this certificate as legitimate
identification until the certificate expires.</li>
<li><strong>Accept this certificate temporarily for this session.</strong>
Select this option to accept the certificate temporarily and connect to the
website. Certificate Manager will recognize this certificate as legitimate
identification only until the next time you launch the browser. You may see
the same alert the next time you attempt to visit the website.</li>
<li><strong>Do not accept this certificate and do not connect to this
website.</strong> Select this option if you decide not to visit the website
at all. This option might be appropriate, for example, if you perform
financial transactions at the website. In this case you might want to
report the problem to the bank or other organization that runs the site and
confirm that the site&apos;s certificate is valid before you go any
further.</li>
</ul>
<p>Click OK to confirm your choice. If you click Cancel, Certificate Manager will not
recognize the certificate as legitimate identification and will not connect to the web
site.</p>
<p>Click OK to confirm your choice. If you click Cancel, Certificate Manager
will not recognize the certificate as legitimate identification and will not
connect to the web site.</p>
<p><strong>Important note for server administrators:</strong> This alert may be triggered by
a server that is not configured correctly. To find out if this is the case, the server
administrator or webmaster for the site you are attempting to visit should check the status
of any required intermediate CAs and if necessary, install the missing certificate in the
server.</p>
<p><strong>Important note for server administrators:</strong> This alert may be
triggered by a server that is not configured correctly. To find out if this
is the case, the server administrator or webmaster for the site you are
attempting to visit should check the status of any required intermediate CAs
and if necessary, install the missing certificate in the server.</p>
<p>If you decide to contact the website&apos;s webmaster about this issue, you can include the
following information:</p>
<p>If you decide to contact the website&apos;s webmaster about this issue, you
can include the following information:</p>
<ul>
<li>The server administrator can obtain more information about intermediate CAs from here:
<li>The server administrator can obtain more information about intermediate
CAs from here:
<a href="http://kb.verisign.com/esupport/esupport/consumer/esupport.asp?id=vs2119">
http://kb.verisign.com/esupport/esupport/consumer/esupport.asp?id=vs2119</a></li>
<li>If the server is using a VeriSign certificate, the server administrator can
download the appropriate certificate from here:
<li>If the server is using a VeriSign certificate, the server administrator
can download the appropriate certificate from here:
<a href="http://www.verisign.com/support/install/index.html">
http://www.verisign.com/support/install/index.html</a></li>
</ul>
<p><strong>For advanced users:</strong> To ensure that Certificate Manager trusts all
certificates issued by a given CA, you can edit the trust settings for the corresponding
CA certificate. To do so, follow these steps:</p>
<p><strong>For advanced users:</strong> To ensure that Certificate Manager
trusts all certificates issued by a given CA, you can edit the trust
settings for the corresponding CA certificate. To do so, follow these
steps:</p>
<ol>
<li>Open the <span class="mac">&brandShortName;</span>
<span class="noMac">Edit</span> menu and choose Preferences.</li>
<li>Under the Privacy &amp; Security category, click Certificates. (If no subcategories
are visible, double-click Privacy &amp; Security to expand the list.)</li>
<li>Click Manage Certificates.</li>
<li>Click the Authorities tab.</li>
<li>Select the CA certificate whose trust settings you want to edit.</li>
<li>Click the Edit button and select the appropriate trust settings.</li>
<li>Open the <span class="mac">&brandShortName;</span>
<span class="noMac">Edit</span> menu and choose Preferences.</li>
<li>Under the Privacy &amp; Security category, click Certificates. (If no
subcategories are visible, double-click Privacy &amp; Security to expand
the list.)</li>
<li>Click Manage Certificates.</li>
<li>Click the Authorities tab.</li>
<li>Select the CA certificate whose trust settings you want to edit.</li>
<li>Click the Edit button and select the appropriate trust settings.</li>
</ol>
<h3 id="server_certificate_expired">Server Certificate Expired</h3>
<p>Like a credit card, a driver&apos;s license, and many other forms of identification, a
<a href="glossary.xhtml#certificate">certificate</a> is valid for a specified period of
time. When a certificate expires, the owner of the certificate needs to get a new
one.</p>
<p>Like a credit card, a driver&apos;s license, and many other forms of
identification, a <a href="glossary.xhtml#certificate">certificate</a> is
valid for a specified period of time. When a certificate expires, the owner
of the certificate needs to get a new one.</p>
<p>Certificate Manager warns you when you attempt to visit a website whose server
certificate has expired. The first thing you should do is make sure the time and date
displayed by your computer is correct. If your computer&apos;s clock is set to a date that is
after the expiration date, Certificate Manager treats the website&apos;s certificate as
expired. </p>
<p>Certificate Manager warns you when you attempt to visit a website whose
server certificate has expired. The first thing you should do is make sure
the time and date displayed by your computer is correct. If your
computer&apos;s clock is set to a date that is after the expiration date,
Certificate Manager treats the website&apos;s certificate as expired.</p>
<p>If your computer&apos;s clock is set correctly, you need to make a decision about whether to
trust the site. This decision depends on what you intend to do at the site and what else
you know about it. Most commercial sites will make sure that they replace their
certificates before they expire. </p>
<p>If your computer&apos;s clock is set correctly, you need to make a decision
about whether to trust the site. This decision depends on what you intend to
do at the site and what else you know about it. Most commercial sites will
make sure that they replace their certificates before they expire.</p>
<p>You can take these actions from the Expired Server Certificate dialog box:</p>
<p>You can take these actions from the Expired Server Certificate dialog
box:</p>
<ul>
<li><strong>View Certificate:</strong> To examine information about the certificate,
including its validity period, click View Certificate.</li>
<li><strong>Continue:</strong> If you have reason to believe the certificate&apos;s expiration is an
inadvertent error, you may choose to click Continue to accept the certificate anyway for this
session, and let the webmaster for the site know about the problem.
<p>Be cautious about any actions you take while you are visiting the site.</p></li>
<li><strong>Cancel:</strong> If you suspect that there may be a significant problem and you
don&apos;t want to risk visiting the site at all, click Cancel (in which case Certificate
Manager will not connect you to the site).</li>
<li><strong>View Certificate:</strong> To examine information about the
certificate, including its validity period, click View Certificate.</li>
<li><strong>Continue:</strong> If you have reason to believe the
certificate&apos;s expiration is an inadvertent error, you may choose to
click Continue to accept the certificate anyway for this session, and let
the webmaster for the site know about the problem.
<p>Be cautious about any actions you take while you are visiting the
site.</p>
</li>
<li><strong>Cancel:</strong> If you suspect that there may be a significant
problem and you don&apos;t want to risk visiting the site at all, click
Cancel (in which case Certificate Manager will not connect you to the
site).</li>
</ul>
<h3 id="server_certificate_not_yet_valid">Server Certificate Not Yet Valid</h3>
<p>Like a credit card, a driver&apos;s license, and many other forms of identification, a
<a href="glossary.xhtml#certificate">certificate</a> is valid for a specified period of
time.</p>
<p>Like a credit card, a driver&apos;s license, and many other forms of
identification, a <a href="glossary.xhtml#certificate">certificate</a> is
valid for a specified period of time.</p>
<p>Certificate Manager warns you when you attempt to visit a website whose server
certificate&apos;s validity period has not yet started. The first thing you should do is make
sure the time and date displayed by your own computer is correct. If your computer&apos;s clock
is set to the wrong date, Certificate Manager may treat the server certificate as not yet
valid even if this is not the case. </p>
<p>Certificate Manager warns you when you attempt to visit a website whose
server certificate&apos;s validity period has not yet started. The first
thing you should do is make sure the time and date displayed by your own
computer is correct. If your computer&apos;s clock is set to the wrong date,
Certificate Manager may treat the server certificate as not yet valid even
if this is not the case.</p>
<p>If your computer&apos;s clock is set correctly, you need to make a decision about whether to
trust the site. This decision depends on what you intend to do at the site and what else
you know about it. Most commercial sites will make sure that the validity period for their
certificates has begun before beginning to use them. </p>
<p>If your computer&apos;s clock is set correctly, you need to make a decision
about whether to trust the site. This decision depends on what you intend to
do at the site and what else you know about it. Most commercial sites will
make sure that the validity period for their certificates has begun before
beginning to use them.</p>
<p>You can take these actions from the Server Certificate Not Yet Valid dialog box:</p>
<p>You can take these actions from the Server Certificate Not Yet Valid dialog
box:</p>
<ul>
<li><strong>View Certificate:</strong> To examine information about the certificate,
including its validity period, click View Certificate.</li>
<li><strong>OK:</strong> If you have reason to believe the problem is an inadvertent error,
you may choose to click OK to accept the certificate anyway for this session, and let
the webmaster for the site know about the problem.
<p>Be cautious about any actions you take while you are visiting the site.</p></li>
<li><strong>Cancel:</strong> If you suspect that there may be a significant problem and you
don&apos;t want to risk visiting the site at all, click Cancel (in which case Certificate
Manager will not connect you to the site).</li>
<li><strong>View Certificate:</strong> To examine information about the
certificate, including its validity period, click View Certificate.</li>
<li><strong>OK:</strong> If you have reason to believe the problem is an
inadvertent error, you may choose to click OK to accept the certificate
anyway for this session, and let the webmaster for the site know about the
problem.
<p>Be cautious about any actions you take while you are visiting the
site.</p>
</li>
<li><strong>Cancel:</strong> If you suspect that there may be a significant
problem and you don&apos;t want to risk visiting the site at all, click
Cancel (in which case Certificate Manager will not connect you to the
site).</li>
</ul>
<h3 id="domain_name_mismatch">Domain Name Mismatch</h3>
<p>A server <a href="glossary.xhtml#certificate">certificate</a> specifies the name of the
server in the form of the site&apos;s domain name. For example, the domain name for the Mozilla
website is <tt>www.mozilla.org</tt>. If the domain name in a server&apos;s certificate
doesn&apos;t match the actual domain name of the website, it may be a sign that someone is
attempting to intercept your communication with the website.</p>
<p>A server <a href="glossary.xhtml#certificate">certificate</a> specifies the
name of the server in the form of the site&apos;s domain name. For example,
the domain name for the Mozilla website is <tt>www.mozilla.org</tt>. If the
domain name in a server&apos;s certificate doesn&apos;t match the actual
domain name of the website, it may be a sign that someone is attempting to
intercept your communication with the website.</p>
<p>The decision whether to trust the site anyway depends on what you intend to do at the site
and what else you know about it. Most commercial sites will make sure that the host name
for a website certificate matches the website&apos;s actual host name.</p>
<p>The decision whether to trust the site anyway depends on what you intend to
do at the site and what else you know about it. Most commercial sites will
make sure that the host name for a website certificate matches
the website&apos;s actual host name.</p>
<p>You can take these actions from the Domain Name Mismatch dialog box:</p>
<ul>
<li><strong>View Certificate:</strong> To examine information about the certificate, click
View Certificate.</li>
<li><strong>OK:</strong> If you have reason to believe the problem is an inadvertent error,
you may choose to click OK to accept the certificate anyway for this session, and let the
webmaster for the site know about the problem.
<p>Be cautious about any actions you take while you are visiting the site, and treat any
information you find there as potentially suspect.</p></li>
<li><strong>Cancel:</strong> If you suspect that there may be a significant problem and you
don&apos;t want to risk visiting the site at all, click Cancel (in which case Certificate
Manager will not connect you to the site).</li>
<li><strong>View Certificate:</strong> To examine information about the
certificate, click View Certificate.</li>
<li><strong>OK:</strong> If you have reason to believe the problem is an
inadvertent error, you may choose to click OK to accept the certificate
anyway for this session, and let the webmaster for the site know about
the problem.
<p>Be cautious about any actions you take while you are visiting the site,
and treat any information you find there as potentially suspect.</p>
</li>
<li><strong>Cancel:</strong> If you suspect that there may be a significant
problem and you don&apos;t want to risk visiting the site at all, click
Cancel (in which case Certificate Manager will not connect you to the
site).</li>
</ul>
<p>If you decide to accept the certificate anyway for this session, you should be cautious
about what you do on the website, and you should treat any information you find there as
potentially suspect.</p>
<p>If you decide to accept the certificate anyway for this session, you should
be cautious about what you do on the website, and you should treat any
information you find there as potentially suspect.</p>
<p>Copyright &copy; 2003-2005 The Mozilla Foundation.</p>