08-02-2018, 08:59 AM | #1 |
Join Date: Oct 2014
Location: St. Louis, Missouri
|
Secure site?
I noticed yesterday that all of the Forum's pages, other SJG pages, and W23 now flag as "not secure" when I am reading them. Is this somehow on my end, or is it an SJG issue?
(Google Chrome, bog standard set-up) Last edited by Mack_JB; 08-02-2018 at 09:02 AM. Reason: clarifications |
08-02-2018, 11:00 AM | #2 |
Join Date: Aug 2004
Location: Twin Cities, MN
|
Re: Secure site?
That's Google's change to how Chrome shows addresses. All sites using http (vs. https) will say Not Secure.
__________________
|
08-02-2018, 07:52 PM | #3 | |
Join Date: Sep 2006
Location: Seattle, Washington, USA
|
Re: Secure site?
Quote:
I would like to add my voice to those saying SSL/TLS is desirable, and point out that there are certificate providers who provide certs for free. For example, https://letsencrypt.org/
__________________
“What all the wise men promised has not happened, and what all the damned fools said would happen has come to pass.” ― William Lamb Melbourne Last edited by rosignol; 08-02-2018 at 08:28 PM. |
|
08-20-2018, 08:49 AM | #4 |
Join Date: Aug 2018
|
Re: Secure site?
You can also use cloudflare dns servers to have a free ssl certificate. Configuration is very simple.
Server <- NO SSL -> Cloudflare DNS <- SSL -> User So everybody can see safe version without payment or refreshing SSL |
08-22-2018, 05:31 AM | #5 |
Join Date: Jun 2007
Location: USA, Arizona, Mesa
|
Re: Secure site?
I would also like to add in my vote regarding the desirability of SSL/TLS for any and every site for simple reliable operation on the modern internet, and especially for those with login forms: Firefox for quite some time now has complained vociferously about the lack of security on these forums when logging in; Chrome now marks the entirety of non-TLS connections as insecure; Firefox will be following suit in the near future, and both are likely to follow up with increasing hoops to jump through to enter passwords into non-TLS sites.
I will also add that the server at pyramid.sjgames.com (which appears to host most of SJG's web presence) is already properly configured for TLS, but only for the domain secure.sjgames.com — it is quite simple to set up Apache with a client such as Certbot or ACME.sh (or for recent Apache versions, mod_md) to make TLS for all (sub)domains on the server free and easy. As for validation concerns: The current certificate for secure.sjgames.com is an Organization Validation certificate. Let's Encrypt, Cloudflare, and similar sources of free TLS certs these days only provide Domain Validation certificates. This is arguably a downside — but it is arguable because there is currently no mainstream web browser that clearly differentiates between OV and DV certificates, only between Extended Validation certificates (the kind that give you the authenticated organizational name in the address bar) and all non-EV certificates. Anyway this post has gotten overly long and rambling because it's 4AM, and I am certain the technical staff is already well aware of all this so I'm cutting it short — but hopefully this is helpful to someone. |
Thread Tools | |
Display Modes | |
|
|