Click the image above to see what Internet Explorer 7.0 will greet you with if you attempt to access a website that has a “bad SSL certificate”. While other browsers (including IE’s own predecessors) would merely pop up a dialog box, the new browser replaces the client area with this scary message:
We recommend that you close this webpage and do not continue to this website.
Now, I’m very happy that the engineers at Microsoft have realized that their target audience doesn’t consist of people that read Slashdot every day, but instead is largely made up of those people in your family that live in the hinternet and constantly call you for computer advice. Thus, it is good and right to have an error message that will scare the pants off of those people enough so they won’t click on that link and get fleeced by some phisher from across the globe pretending to be a concerned banker from Chase or account representative at PayPal.
However.
Those of us who make and ship web applications that use SSL often include “self-signed SSL certificates”. They aren’t valid for anything except to enable the “secure” portion of SSL and make no representation about the site’s identity. This is OK, as these tools are supposed to be used in a development environment on an Intranet where the clue quotient of the users is going to be higher than Aunt Marge’s. That said, it’s still a bit obnoxious to encounter such good intentions in a setting where they aren’t needed.
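Why a browser rejects a self-signed certificate, and what explicitly trusting one on an intranet amounts to, shown as an added example that is not part of the original post. It assumes OpenSSL 1.1.0 or later on the PATH; the hostname `dev.intranet.example`, the file names and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: a self-signed certificate can key an encrypted session,
# but nothing vouches for the name in it until someone trusts it explicitly.

make_self_signed() {
    # $1 = output directory, $2 = hostname placed in the subject CN
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$1/key.pem" -out "$1/cert.pem" >/dev/null 2>&1
}

is_self_issued() {
    # Subject and issuer are the same name: no third party signed this.
    subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ "$subj" = "$iss" ]
}

trusted_by_default() {
    # Chain validation against the system trust store only,
    # which is the check behind the browser's warning page.
    openssl verify "$1" >/dev/null 2>&1
}

trusted_when_pinned() {
    # $1 = certificate installed as a trust anchor, $2 = certificate presented
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
    dir=$(mktemp -d) || return 1
    mkdir "$dir/other"
    make_self_signed "$dir" dev.intranet.example || return 1
    # A second certificate claiming the same name with a different key.
    make_self_signed "$dir/other" dev.intranet.example || return 1

    is_self_issued "$dir/cert.pem" && echo "subject == issuer"
    trusted_by_default "$dir/cert.pem" || echo "system store: rejected"
    trusted_when_pinned "$dir/cert.pem" "$dir/cert.pem" \
        && echo "installed as trust anchor: accepted"
    trusted_when_pinned "$dir/cert.pem" "$dir/other/cert.pem" \
        || echo "same name, different key: rejected"
    rm -rf "$dir"
}

demo
```

Installing the development certificate as a trust anchor on the intranet clients removes the warning for that one key only, which is the last check in the demo.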
