Rated 1 out of 5 stars

by olegoz on Nov. 26, 2014 ·

That's it, Google has killed this extension now.

I've made an attempt to use it for the last couple of years (because something like this is really needed to be able to trust https), and it was almost OK initially, but these days it's unusable, mostly due to Google. Looks like they use hundreds (thousands?) of certificates, with their own CAs, so even checking the CA-only box doesn't help much. And now they're generating certificates valid for only 90 days. And with their ad network you get their warnings not only on Google's own sites, but *everywhere* (including here, addons.mozilla.org).

No updates for 3 years, when the landscape is changing this quickly, is inexcusable. This extension is dead.

This review is for a previous version of the add-on (2.0.14.1-signed.1-signed). 

Rated 4 out of 5 stars

by olegoz on April 21, 2014 ·

The Heartbleed bug has exposed both the importance and inadequacies of Certificate Patrol. Need to deal better with the torrent of changing certificates (like silently accepting when the only change is the issue/expiration dates moving forward). Also would be great to flag a certificate issued after Heartbleed disclosure being replaced by one issued prior to that as a Very High Risk event, as that's the only way to catch an attack using stolen server keys.

This review is for a previous version of the add-on (2.0.14.1-signed.1-signed). 

Rated 4 out of 5 stars

by olegoz on April 24, 2013 ·

This extension, or something like it, is necessary for https to be usable as it was designed (makes little sense to demand https without checking certificates, and manually checking every certificate is impractical).

That said, I agree with joey2012. After using Certificate Patrol for a couple of months, the most important improvement would be to split a single "Accept" button into two, "Add" and "Replace", so that multiple certificates could be stored for a domain.

And another thing that annoys me is that the bar that appears and auto-hides at the top, sometimes multiple times per page, shifts the page up and down. So I could be clicking on a link or a button, while the bar decides to hide at the same time, and I end up clicking on the wrong button. Maybe the bar could be at the bottom, maybe there should be an option to have a button in toolbar that changes color with the warnings instead of the bar.

This review is for a previous version of the add-on (2.0.14.1-signed.1-signed).