Yes Stefano, I too believe that the SSL certificate thingy in Iceweasel 3 is just a bad joke.

I mean WHAT THE FUCK WERE THEY THINKING ? At least in the RCs it improved, and the logo isn't the same as 404, it took me 10 refresh the first time I saw it to understand that it was not a 404 but an untrusted self-signed certificate.

And the whole "exception" thing is absurd. NO I DON'T WANT TO ADD AN EXCEPTION you morons. Here would be a good UI, that I never saw implemented in any browser but would make sense:

  • I want to browse the damn site, that you remember for me the current certificate, and browse without pretending it's safe (this way users do not believe to be protected when they are not).
  • Next time I go to that website again, if the untrusted certificate changed, then and only then I want to be bugged about the fact that this website changed its certificate.
  • I don't want any popup, anything, no "yellow" background in the URL (as the certificate is not trusted) no nothing, just browse it as if it was plain HTTP wrt the UI.

It's enough for 99.9% of the users.

Then, some of us really care about importing some untrusted certificates (for our own webmails e.g.). Then well, a small button that allows advanced users to check, import, and mark an untrusted certificate as trusted is just what one needs. One can even hide that in some menu, it would be fine. I for example, have only checked the SSL certificate from my webmail and something like 3 or 4 websites. I do NOT want to be bugged for the other.

But no, instead we have this completely delirious interface that no-one can sanely call User Interface. They're on crack.

Anyways, here is a way to make your pain easier, either in about:config or in your ${HOME}/.mozilla/firefox/${profile-with-name-on-crack-id}/user.prefs set the following values this way[1]:

 user_pref("browser.ssl_override_behavior", 2);
 user_pref("browser.xul.error_pages.expert_bad_cert", true);

It makes validating a certificate two clicks away (one of the settings shows the 'add exception' buttons instead of showing a link to make them visible, the other settings makes firefox download the certificate for you so that you don't have to ASK HIM to do so[2].

And you know the worst thing ? I'm sure the guy(s) who wrote this fucking dialog is(are) very proud of it.

Notes

[1] Thanks to glandium for the hints

[2] WTF people, WTF do you need us to make you download the certificate. This is nonsensical, the user had already 3 clicks to have the add exception dialog, and you need one to download the certificate ? WTF are you thinking!!!