Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.
Sign upDocument password for client cert #369
Comments
|
Maybe make it bold? Or have a thing in the text underneath the box where it says that the password is |
|
Oh, wow. I did totally gloss over that. :-P Box underneath sounds a little more noticeable to me. (Maybe also format as |
|
Oops my bad! I totally missed that too |
Completely overlooked it just like in chromium#369, hopefully this overkill formatting tweak can help those later.
|
#385 added bold+code formatting to the passwords. We might also want to add a note underneath, so leaving this open for now. |
|
I agree, this was not at all obvious. There are several ways the ergonomics could be improved:
|
|
I just spent 20 mins looking in all the wrong places for this. Pretty annoying! And great to see that there's a great solution to the problem here! But then annoying that this solution was figured out a year ago, but it hasn't been put onto the badssl download page yet :-( Please someone, make the change @Quuxplusone proposed before another developer wastes a precious half hour. |
… to the download page. Partly addresses chromium#369. Using a passphrase other than "badssl.com" for the other files would also be great, but is a larger change, I think.
|
by the way, I think the reason it's so easy to miss the password in the table on the page, is that the password is "badssl.com". The problem is, the text "badssl.com" appears on the page 6 times (7 if you include the browser's URL bar). So the mind has already been kind of trained to ignore this as redundant information — "I already know what 'badssl.com' stands for! It's the domain name! therefore it can't be anything else" There's probably some technical term for this in cognitive psychology |
… to the download page. Partly addresses chromium#369. Using a passphrase other than "badssl.com" for the other files would also be great, but is a larger change, I think.

@diracdeltas ran into this.
Per 578f7a2#diff-c77ce27bee6905e8afa3b810dc48695c, the password is
$DOMAIN(e.g.badssl.comin prod). We should probably document that at https://badssl.com/download/cc @april