Caveat Emptor

Self-Signed Certificate

Experiments have been carried out to see what would happen if someone tried to clone the "official" Cyclists in Southwark website and set up an unofficial one. It would still have HTTPS encryption, but its security certificate would be "self-signed", rather an being approved of by an official organisation. Rides could be advertised on the site, but they would be uninsured. If you want to find this "fake" Cyclists In Southwark website, its URL is the subdomain f.cyclistsinsouthwark.org.uk. If you go to this site, your browser will give you various warnings indicating that the site is not to be trusted and should not to be used for storing personal data. If you click on the "Advanced" button, the browser will still let you go to the site, but you will have to acknowledge that you are aware of the warnings.

If you type in the following at a Linux command line prompt:

  • curl https://f.cyclistsinsouthwark.org.uk/

this is the message you get back:

  • curl: (60) SSL certificate problem: self signed certificate
    More details here: https://curl.haxx.se/docs/sslcerts.html
  • curl failed to verify the legitimacy of the server and therefore could not
    establish a secure connection to it. To learn more about this situation and
    how to fix it, please visit the web page mentioned above.