[Dspace-general] DSpace repositories and self-signed certificates

[William L. Anderson]

Dear DSpace-istas,

I've had the need and opportunity to access some DSpace institutional
repositories recently and I've run into the following scenario.

I put the entry handle provided by a colleague or that is returned in a
search into a browser (Firefox usually) and I get a message window
stating that "The certificate could not be verified for unknown
reasons." Or "Unable to verify the identity this.particular.domain as a
trusted site." If I use Internet Explorer 7, I get a more ominous
message strongly suggesting that I do not connect to the site.

I understand that these messages arise because the SSL certificate that
is being presented by the repository is not in my browser's list of
trusted sites. And I know enough to examine the certificate more
closely, and I'm usually OK with accepting the certificate for a
one-time access. But I think that other scholars, researchers, and
interested citizens will be confused and uncertain about how to proceed.

I did a little browsing at several DSpace repositories around the world
and many of them do not require a secure connection. So I'm wondering
why some handles resolve to https and others to http.

I'm also wondering if presenting so-called untrusted site messages to
patrons will make the repositories seem less trustworthy. I'm concerned
here with the interaction experience of the users and patrons.

I'm not a specialist, so any clarifications and corrections are welcome.

Regards,

Bill Anderson
Praxis101 - people, systems, technology