os-x apple new browser Safari & squeakland broken..

Nevin Pratt nevin at smalltalkpro.com
Wed Jan 8 00:22:06 UTC 2003


John M McIntosh wrote:

> Could not open the page
> “https://bountifulbaby.com/secure/checkout.ssp” because Safari could
> not establish a secure connection to the server “bountifulbaby.com”.
> Safari cannot verify the certificate used to check the identity of
> the website’s owner.
>

Thanks, John.  In my opinion, Safari is broken.  To completely reject a 
page because the certificate signer isn't in the browser's internal 
"Root CA" pool is just bogus.

As data points, the following browsers do the following things:

1. Mozilla on FreeBSD:
   Responds similarly to Internet Explorer on Windows.  Specifically, it 
responds that "The certificate was issued by a certificate authority 
that Mozilla does not recognize".  It then gives you the opportunity to 
view the certificate, and gives you the choice of whether to establish a 
secure SSL session (i.e., "Continue") or not (i.e., "Cancel").  In my 
opinion, this is the most rational way to handle it.

2. Internet Explorer shipped with Windows XP Pro:
   Like Mozilla on FreeBSD.  Warns you that the certificate signer is 
not a known authority, but gives you a choice whether or not to accept 
the certificate and establish a secure SSL session.

3. Netscape 7.01 on RedHat Linux 8.0:
   Silently establishes a secure connection using the certificate (this is 
good for my wife's site, but a bad approach for the consumer).

4. Internet Explorer 5.1 on Mac:
   Complains about not knowing the certificate signer, and utterly refuses 
to establish a secure connection, but otherwise allows you to continue 
(unsecurely) if you desire it. This is a bogus way for the browser to 
handle it.

5. Safari on Mac:
   Complains bitterly and utterly refuses to go forward.

Nevin





More information about the Squeak-dev mailing list