[Dspace-general] DSpace repositories and self-signed certificates
William L. Anderson
band at acm.org
Thu Mar 8 12:14:59 EST 2007
Dear DSpace-istas,
I've had the need and opportunity to access some DSpace institutional
repositories recently and I've run into the following scenario.
I put the entry handle provided by a colleague or that is returned in a
search into a browser (Firefox usually) and I get a message window
stating that "The certificate could not be verified for unknown
reasons." Or "Unable to verify the identity this.particular.domain as a
trusted site." If I use Internet Explorer 7, I get a more ominous
message strongly suggesting that I do not connect to the site.
I understand that these messages arise because the SSL certificate that
is being presented by the repository is not in my browser's list of
trusted sites. And I know enough to examine the certificate more
closely, and I'm usually OK with accepting the certificate for a
one-time access. But I think that other scholars, researchers, and
interested citizens will be confused and uncertain about how to proceed.
I did a little browsing at several DSpace repositories around the world
and many of them do not require a secure connection. So I'm wondering
why some handles resolve to https and others to http.
I'm also wondering if presenting so-called untrusted site messages to
patrons will make the repositories seem less trustworthy. I'm concerned
here with the interaction experience of the users and patrons.
I'm not a specialist, so any clarifications and corrections are welcome.
Regards,
Bill Anderson
Praxis101 - people, systems, technology
More information about the Dspace-general
mailing list