Welcome to the staging ground for new communities! Each proposal has a description in the "Descriptions" category and a body of questions and answers in "Incubator Q&A". You can ask questions (and get answers, we hope!) right away, and start new proposals.
Are you here to participate in a specific proposal? Click on the proposal tag (with the dark outline) to see only posts about that proposal and not all of the others that are in progress. Tags are at the bottom of each post.
Comments on Are certificate errors always reported immediately, or is validation cached?
Post
Are certificate errors always reported immediately, or is validation cached? Question
I visited a site that I use infrequently and got a certificate error, specifically NET:ERR_CERT_AUTHORITY_INVALID. I contacted the owner, who asked for a screenshot. That surprised me, as I had assumed that a certificate problem would be visible to everyone. I tested three browsers across two devices and saw the same problem everywhere -- but I also hadn't visited this site recently from any of them. The owner presumably visits it a lot.
Is certificate validation cached client-side? If so, for how long, and how can a user flush or bypass it?
I can think of two reasons to want to flush such a cache and force a recheck. One is if I'm the owner of the site and want to check that everything's ok (the situation that prompted this question). The other is if I'm a cautious user who wants to double-check that, say, my bank doesn't have security issues before I log in -- a scenario that hadn't occurred to me before seeing this error that a site owner doesn't see.
2 comment threads