Rated 4 out of 5 stars

by J. Schlackman on July 28, 2011 ·

Very useful for the security-conscious, but like a previous reviewer I've found that some sites (Twitter in particular) balance their load between servers with different SSL certificates installed, so even though I'm accessing the same URL each time, the certificate alternates back and forth between two different ones that are not due to expire and also have different CAs. This means I frequently have to dismiss a warning popup even though I've previously accepted both certs.

This review is for a previous version of the add-on (2.0.8.1-signed.1-signed). 

by tg(x) (Developer) on July 28, 2011 ·

There's a a checkbox at the bottom of the change notification dialog (after clicking 'View Details') labeled 'Check certification authority only' which makes CertPatrol check only that the issuer is still the same for that host. This usually solves the problem for sites using load balancing (e.g. Google, Citibank).

The Twitter case is a bit different as they use completely different certificates from different issuers for si0.twimg.com, for this we added an ignore list to the prefs and an ignore button to the dialog that disables any checking for that host, so at least it's not annoying. This feature is going to be available in 2.0.10, for the impatient it's already available in the development channel, in version 2.0.10rc.