Thanks again for another nice article! Many people don't know this stuff and here is explained very clearly.
I always wondered a thing, in the case I find a website that shows an invalid certificate (eg. expired date) AND its non-https version works correctly AND I don't have to login or send any data, just browse the website... isn't it better anyway to ignore the cert warning and use the encrypted connection instead of the unencrypted one?
posted by <hidden> • 2 years and 11 months ago Link

I appreciate the kind comments!

Yes, I agree that it's always better to have even an invalid certificate than no certificate. You won't be able to trust the identity of the server you're communicating with but at least the content will be encrypted which offers some protection. Just be aware of this fact and as you say, be especially cautious with sensitive data such as login credentials.
posted by tagawa Staff2 years and 11 months ago Link