CA Certificate management is hard

Sidewalk Cafe in Stockholm have Internet access to a very good price. For example at the Central Station and 7Eleven. The problem is that they do not have any root cert installed for CACert. This in turn lead to the message you can see on the picture below.

Of course you can say “please continue anyway”, but if the URL people type in is a HTTP URI, and that give a redirect to the HTTPS one (a quite normal setup) the redirect does not work with an untrusted cert, even though the user say “please continue”.

The error message is then You are not connected to the Internet.

All of this show how broken and complicated the X.509 certificate hierarchies are to manage. Not fun at all.