Another big point in version 3 is that it doesn't seem to swallow RAM like the 2.0 version. Now I can use the browser even after leaving it opened 2 or more days (in OSx and in FreeBSD leaving Firefox opened from one day to another ends in a almost unusable browser cause it renders itself quite slow).
That's all pretty good, Firefox3, the next generation of a great browser... until I tried to connect to my own webmail service...
Then I realized that the Firefox developers decided to take an approach when dealing with self-signed web certificates very similar to that of the infame IE7.
When you try to access an https website that uses a self-signed cert, you will get something like that:
WTF!, it is the same kind of message firefox shows when a given domain name does not resolv or when you can't connect to a no-response web server, THAT'S VERY CONFUSING FOR END USERS!.
Of course, you can add a security exception, for that, you only have to click on the link in that page I've showed you (o puede añadir una excepcion in spanish), then you will see something like:
More ugly and scaring error messages, you click on add exception (añadir excepcion in spanish) to get to another window where you will see the URL you were trying to connect to:
There, you will have to push the get certificate button (obtener certificado) to get another error message:
So, what? I'll tell you my point of view. Imagine you have a website where you offer a service to your customers. That website requires that your customers provide some login information to use the website, so you set up a secure web server certificate using OpenSSL in your web server. OK, your website is secure now.
Your customers are using the website using Opera or Firefox 2, the first time they connect to the website they got a message asking them about installing a security certificate, they took a look over the cert, pressed Ok, and they are done.
Now they upgrade their Firefox browser and try to use the same website... what will happen then? an ugly and scaring message about that website being not trustable and what is worse, a long 4-window process to be able to access that website, a process that could be difficult to follow for non-techie users.
So, Why do they have to change something that was working perfectly in earlier versions? I do not know, but I don't think that was a good idea (IMHO).
(well, I can think about a reason, the same reason some companies ask for 300$-500$ if you want to get a valid web server certificate).