Unfortunately, there is no solution for stubborn, ignorant users who refuse to read or understand what the computer is trying to tell them...<p>The single biggest obstacle here is not that Firefox couldn't convey the problem to the user, but that the user didn't pay any attention to what Firefox was trying to tell them. When the user thinks they're always right, the software can never tell them otherwise...<p>Granted, I hate FF3's cert complaining process and I'm sure it could be improved, but no matter what you do, short of refusing to accept bad certs, this problem will continue to occur.<p>Oh, and Mozilla, while you try to fix this, will you <i>please</i> add the CACert root certificate to your browser? For the love of God, why should I trust a $5000 certificate from an automated purchase with Verisign any more than a free certificate verified by community members?<p>Edit: the first reply seems to be a better / more thorough explanation of the point I was trying to make: <a href="http://www.mail-archive.com/dev-tech-crypto@lists.mozilla.org/msg04902.html" rel="nofollow">http://www.mail-archive.com/dev-tech-crypto@lists.mozilla.or...</a>
Long story short: user received the ominous FF3 self-signed cert warning for every site she visited. The problem: the sites weren't using self-signed certs; she was the victim of a MITM attack. Because that's what a MITM attack looks like: indistinguishable from a self-signed cert.<p>The moral: FF3's self-signed cert warning isn't ominous <i>enough</i>.