We harp on the fact that if you have *ANY* VPN, or remote access capabilities into your district, you *MUST* use a commercial SSL certificate and not a self-signed SSL - no exceptions.

However, an area of growing frustration is that many current browsers are starting to give warnings about whether or not you should trust a legitimate, non-infected, web site that doesn't have an SSL.

Many of you have heard me say time and again, "if we ask the end user a question, we have failed".   This is the latest iteration of that edict.