How Hard is it to Get Your SSL Cert Right?
Guess what, this isn't a post about the recent Rogue CA presentation... just something I came across that frustrated me.
I recently went to check out adsense to see if it's ever actually made me any money. Being Canadian and using google.ca hourly (since google.com forces me to google.ca I might as well type it myself), I typed in www.google.ca/adsense. I was kicked over to https://www.google.ca/adsense and had the following appear in Firefox
I know it's obvious what the problem is, but let's look at my other screenshots since I took the time to take them.
Now why can't a company like Google get their SSL certs right? How's the general public ever supposed to trust SSL if major web-based companies are too lazy to get proper SSL certs? I'm actually rather disppointed by this. I've actually trained some of my family to not venture into sites with improper SSL certs (or at least investigate them first) and this would confuse them and set all the effort that I've made back several steps.
We always talk about educating the user, and I believe that SSL is something we can properly educate the end user about, however that requires an effort on the part of the website / vendor in question. This time Google has failed.