Hi, I followed with interest the thread of Per. Last week I observed something else that surprised me. With openvpn I also use keys&certificates on client and servers. And no matter what you use on the client, it is the the peer at the other end, that decides if it will accepts the connection or not based on: - ca-trust-chain - revocation list - validity (date-range) of the certificate. With firefox I saw something different behaviour: I tried to go to a ssl-server, with client-cert-authentication enabled. Much to my surprise, the client directly refused, saying that my cert expired two weeks ago. tcpdump on either side proved that no data was sent along the line A warning should be OK, but a plain refusal by firefox feels like big brother is taking control. It may ask several layers deep about security-exception, and whether i am very-very-very-sure about it. But in the end it should have been MY decision, not firefox. Or am I that mistaken? Hans -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org