Steve Jackson Games - Site Navigation
Home General Info Follow Us Search Illuminator Store Forums What's New Other Games Ogre GURPS Munchkin Our Games: Home

Go Back   Steve Jackson Games Forums > Illuminati Headquarters > Forum Feedback and Help

Reply
 
Thread Tools Display Modes
Old 01-28-2017, 11:35 AM   #1
robkelk
Untitled
 
Join Date: Oct 2007
Location: between keyboard and chair
Default Invalid security certificate on the forum

It appears FireFox 51 is more security-conscious that FireFox 50. I just tried to connect to https://forums.sjgames.com/ after upgrading the browser, and I got the following error message:
Quote:
forums.sjgames.com uses an invalid security certificate.

The certificate is only valid for the following names: secure.sjgames.com, www.secure.sjgames.com

Error code: SSL_ERROR_BAD_CERT_DOMAIN
FireFox would not let me continue to the forum using the secure connection.

I'm connected now to http://forums.sjgames.com/ , not https://forums.sjgames.com/ ... but this is a security hole.
__________________
Rob Kelk
“Every man has a right to his own opinion, but no man has a right to be wrong in his facts.”
– Bernard Baruch,
Deming (New Mexico) Headlight, 6 January 1950
No longer reading these forums regularly.
robkelk is offline   Reply With Quote
Old 01-28-2017, 12:47 PM   #2
Andrew Hackard
Munchkin Line Editor
 
Andrew Hackard's Avatar
 
Join Date: Aug 2004
Location: Austin, TX
Default Re: Invalid security certificate on the forum

I'll escalate this to the appropriate people. Thanks for the report.
__________________
Andrew Hackard, Munchkin Line Editor
If you have a question that isn't getting answered, we have a thread for that.

Let people like what they like. Don't be a gamer hater.

#PlayMunchkin on social media: Twitter || Facebook || Instagram || YouTube
Follow us on Kickstarter: Steve Jackson Games and Warehouse 23
Andrew Hackard is offline   Reply With Quote
Old 01-28-2017, 01:40 PM   #3
GM Joe
 
GM Joe's Avatar
 
Join Date: Oct 2014
Location: Chicagoland
Default Re: Invalid security certificate on the forum

Chrome says something similar.
__________________
GMing Since 1982.
GM Joe is offline   Reply With Quote
Old 01-29-2017, 10:47 AM   #4
robkelk
Untitled
 
Join Date: Oct 2007
Location: between keyboard and chair
Default Re: Invalid security certificate on the forum

Quote:
Originally Posted by Andrew Hackard View Post
I'll escalate this to the appropriate people. Thanks for the report.
Thank you, Andrew.

Quote:
Originally Posted by GM Joe View Post
Chrome says something similar.
I expect all browsers would give a similar error - this is something that needs to be addressed at the server level. (It's a simple fix - SJGames just needs to throw a small amount of money at the problem, then spend a few minutes updating the security settings. Which security settings depends on where the money was thrown - and that's all anybody should say about this in a public forum.)
__________________
Rob Kelk
“Every man has a right to his own opinion, but no man has a right to be wrong in his facts.”
– Bernard Baruch,
Deming (New Mexico) Headlight, 6 January 1950
No longer reading these forums regularly.
robkelk is offline   Reply With Quote
Old 01-29-2017, 11:26 AM   #5
RogerBW
 
RogerBW's Avatar
 
Join Date: Sep 2008
Location: near London, UK
Default Re: Invalid security certificate on the forum

Quote:
Originally Posted by robkelk View Post
(It's a simple fix - SJGames just needs to throw a small amount of money at the problem, then spend a few minutes updating the security settings. Which security settings depends on where the money was thrown - and that's all anybody should say about this in a public forum.)
It doesn't even take money any more now that letsencrypt is available.
RogerBW is online now   Reply With Quote
Old 05-13-2017, 10:06 AM   #6
robkelk
Untitled
 
Join Date: Oct 2007
Location: between keyboard and chair
Default Re: Invalid security certificate on the forum

I know this is a low priority, but it's been over three months... and it's making me wonder how secure the W23 login is.
__________________
Rob Kelk
“Every man has a right to his own opinion, but no man has a right to be wrong in his facts.”
– Bernard Baruch,
Deming (New Mexico) Headlight, 6 January 1950
No longer reading these forums regularly.
robkelk is offline   Reply With Quote
Old 05-13-2017, 05:48 PM   #7
Parody
 
Parody's Avatar
 
Join Date: Aug 2004
Location: Twin Cities, MN
Default Re: Invalid security certificate on the forum

Quote:
Originally Posted by RogerBW View Post
It doesn't even take money any more now that letsencrypt is available.
Not necessarily true, depending on what uses SJG has for that certificate.

Quote:
Originally Posted by robkelk View Post
I know this is a low priority, but it's been over three months... and it's making me wonder how secure the W23 login is.
Warehouse23.com has its own certificate that matches its domain and thus doesn't have this issue.

I'm personally not too worried since I'm pretty sure I've been using http://forums.sjgames.com/ since the forum opened back in 2004.
__________________

Last edited by Parody; 05-13-2017 at 05:49 PM. Reason: Wrong year, silly.
Parody is offline   Reply With Quote
Old 05-23-2017, 05:16 AM   #8
Bruno
 
Bruno's Avatar
 
Join Date: Sep 2004
Location: Canada
Default Re: Invalid security certificate on the forum

I didn't even know SJG had an https for the forums. I'm pretty disappointed by that - it should be served as the default and if it wasn't available at the beginning I really would have appreciated a notice when it was made available :P
__________________
All about Size Modifier; Unified Hit Location Table
A Wiki for my F2F Group
A neglected GURPS blog
Bruno is offline   Reply With Quote
Old 05-23-2017, 05:22 AM   #9
vicky_molokh
GURPS FAQ Keeper
 
vicky_molokh's Avatar
 
Join Date: Mar 2006
Location: Kyïv, Ukraine
Default Re: Invalid security certificate on the forum

Quote:
Originally Posted by Bruno View Post
I didn't even know SJG had an https for the forums. I'm pretty disappointed by that - it should be served as the default and if it wasn't available at the beginning I really would have appreciated a notice when it was made available :P
So now HTTPS is a thing . . . but does it make a difference if the certification is void?

Edit: oh wait, apparently the HTTPS version doesn't even contain the forum, instead redirecting to the HTTP version thereof.
__________________
Vicky 'Molokh', GURPS FAQ and uFAQ Keeper

Last edited by vicky_molokh; 05-23-2017 at 05:25 AM.
vicky_molokh is offline   Reply With Quote
Old 05-23-2017, 05:45 PM   #10
robkelk
Untitled
 
Join Date: Oct 2007
Location: between keyboard and chair
Default Re: Invalid security certificate on the forum

Quote:
Originally Posted by vicky_molokh View Post
So now HTTPS is a thing . . . but does it make a difference if the certification is void?

Edit: oh wait, apparently the HTTPS version doesn't even contain the forum, instead redirecting to the HTTP version thereof.
HTTPS encrypts data (such as passwords) sent over the internet. HTTP does not. As long as people use the same password on multiple sites, this makes a difference.

Being presented with a bad certificate says there's a security problem somewhere...
__________________
Rob Kelk
“Every man has a right to his own opinion, but no man has a right to be wrong in his facts.”
– Bernard Baruch,
Deming (New Mexico) Headlight, 6 January 1950
No longer reading these forums regularly.
robkelk is offline   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Fnords are Off
[IMG] code is Off
HTML code is Off

Forum Jump


All times are GMT -6. The time now is 03:33 PM.


Powered by vBulletin® Version 3.8.9
Copyright ©2000 - 2024, vBulletin Solutions, Inc.