Self-signed SSL certs and IE7
Apparently it’s not even remotely possible to convince Internet Explorer 7 to permanently accept an SSL cert signed by a certificate authority which it doesn’t ultimately trust. IE6 could do that just fine. Firefox can do that just fine - and its dialog box describing what’s going on is even decipherable by mere mortals. Pretty much every other web browser I’ve ever used can do it. But not IE7.
Thankfully, it’s pretty easy to import a new root certificate: just offer up your CA certificate (but not the key, duh) as a .crt file via http and load it up with the browser. It will offer to import it, along with plenty of warnings and whatnot. At least it works.
In case any of my loyal and happy users are reading this, here is my CA certificate for you to import. I’ll write up some more useful instructions at some point, such that when people invariably upgrade to IE7 and it starts giving them that very scary error message which strongly recommends that people stay the hell away from my web server because I am most likely some sort of computer terrorist because I haven’t paid for a legitimately signed SSL certificate, I can just point them to The Instructions and carry along my way.
If anyone wants to verify the certificate’s fingerprint out-of-band (ha! As if anyone is going to bother, much less understand what the point is…), go right ahead and email or IM or call me and I’d be happy to pass it along.
Oh, and here’s my actual preferred workaround: Use Firefox instead. Version 2.0 should even be released later today.