There's no reason why Gentoo's bugzilla should not be using a valid certificate when SSL/TLS is used. With Firefox 3 (and maybe other newer browsers), it brings up a warning and temporarily blocks the site. There are free certificates that can be obtained if money is the issue ( come on, I'm sure the Gentoo foundation can allocate some funds :P ), like godaddy.com gives free certs to open source projects, StartCom gives free class 1 certificates https://www.startssl.com/. Reproducible: Always Steps to Reproduce: 1. visit https://bugs.gentoo.org/ with Firefox 3 (clean install/profile) 2. 3. Actual Results: See red guy Expected Results: See bugs.gentoo.org main page
We're going to be using CACert later, it's just not a high priority right now. Your definition of 'valid' is also wonky. We care about the encryption, but not so much the identity. This is a dupe, but I don't have the other bug# on hand.