When you use Chrome to display pages from a website that uses HTTPS but with a self-signed certificate, Chrome displays the page correctly but the URL bar contains the padlock symbol crossed out and the HTTPS prefix crossed out.This is incorrect behaviour since the page *is* delivered via HTTPS and hence the session is encrypted.The problem is that the semantics are WRONG and the padlock symbol and HTTPS prefix are trying to represent TWO things:1. is the channel secure (encrypted) - yes/no ?2. is the site trusted (certificate verifiable) - yes/no ?It is perfectly VALID to have a HTTPS (secure) session WITHOUT a valid certificate!!!!!I suggest/recommend that Chrome be changed to have a RAG (Red-Amber-Green) labelling system and semantics, as follows:Green: session is encrypted (HTTPS) and credentials are trusted, i.e. the certificate is validAmber: session is encrypted (HTTPS) but credentials are not trusted, i.e. there is something wrong with the certificate (self-signed, expired, other ...)Red: session is not encrypted (HTTPS failed or null cipher attempted), certificate revoked, or some other failure to set up a secure channel.This approach would represent the "real world" more appropriately.Mike