How do I configure ZXTM with Firefox 3?There can't be many people who haven't heard of the Firefox web browser. If you have never used it before, we can highly recommend giving it a try. It's faster, safer, and just so much friendlier than Internet Explorer. If you are on the cutting edge of web browsers, you might have tried the new betas of Firefox 3. And if you've used Firefox 3 with ZXTM, you'll notice that there have been some changes to the way Firefox handles secure sites. This is similar to the changes seen in Internet Explorer 7 - and we have a KnowledgeHub article explaining those changes too. If you browse to a ZXTM admin server page with Firefox 3, you'll see this warning message:  Here, I was trying to view the ZXTM admin server at https://ixion:9090. This alarming-looking page is saying someone might be impersonating the server! So, what's going on? The ZXTM admin site uses a technology called 'SSL' to protect its content. SSL has two main features:
The Firefox warning message is related to this second feature - checking the ownership of the site. This is where SSL gets complicated. A website that uses SSL has what is called a 'SSL certificate'. This certificate describes the owner of the website. Your web browser looks at this certificate and decides whether or not to trust it. Firefox (and all other web browsers) will only trust a certificate if it is signed by a known 'Certificate Authority' (CA). To get a site's SSL certificate signed by one of these authorities, you have to pay them money and let them do some checks to confirm your identity. Examples of CAs include companies such as Verisign and GeoTrust. By default, when ZXTM is installed, it will generate its own SSL certificate, in a process called 'self-signing'. This lets the website be encrypted, but without the incurred cost and hassle of having to apply to a company to validate your identity. So, Firefox is saying that it cannot prove that your ZXTM admin website is who it claims to be. To access the website, you will need to click on the 'Or you can add an exception' link, then click the 'Add Exception...' button that appears. Firefox will then open a dialog box letting you see some more details about the SSL certificate:  (You will first need to press the 'Get Certificate' button to load the certificate details). You can then press the 'View' button to examine the specifics of the site's certificate. This will include information on who provided the certificate. Essentially, the SSL certificate is part of a 'chain of trust'. If you trust the person who issued the certificate, Firefox will then trust the website using the certificate. Trust in this case means allowing you to browse the website. Once you press the 'Confirm Security Exception' button, you can go ahead and use the ZXTM web-based configuration as normal. How can these errors be prevented?ZXTM allows to you to replace the auto-generated SSL certificate with one that you have bought from a Certificate Authority. Just go to the System->Security page and upload the new certificate. If it is correctly signed, then Firefox will accept it without errors. And finally...If you want to learn a bit more about SSL and certificates, Wikipedia has all the gory detail. Firefox, like every other web browser, comes with a set of 'Trusted Certificate Authorities' built-in. These are assumed to be reputable companies who ensure the people they give SSL certificates to are trustworthy. To see the complete list in Firefox 3, go to the menu Tools->Options (on Windows), select the Advanced tab, then press the 'View Certificates' button. In the pop up window, click on the 'Authorities' tab. My browser has around 50 different companies listed in there, many of whom I have never even heard of. And yet they are apparently deemed 'trustworthy'. The whole SSL certificate system is very dubious...
Ben
[Zeus Dev Team] 05 February 2008
|
Recent Articles
Other Resources
|
