The shoutbox is currently out of service. Join us on Discord instead.
You can help CodeWalrus stay online by donating here.

Forced https? ???

Started by DJ Omnimaga, July 24, 2015, 08:33:25 pm

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Adriweb

Quote from: DJ Omnimaga on July 25, 2015, 05:55:34 pm
I don't exactly remember what it was, but it was about untrusted certificate and it asked me to accept it. I have the same problem on many other HTTPS website (eg TVA Nouvelles).

Hmm, so this phone (or at least that old OS on the phone) somehow doesn't know/trust StartSSL (the signing authority)...
I guess it's ok with a bit more recent OSes, with updated trust stores...
Co-founder & co-administrator of TI-Planet and Inspired-Lua

DJ Omnimaga

Yeah that could explain it. Thankfully, the site still works. I guess it might just be a bit annoying for certain users or scary for technology-illiterate users to have such warning.

Streetwalrus

Ah yeah, StartSSL. They're not trusted by everyone, or at least not until recently.

Lionel Debroux

Few browsers trusted CACert by default, but StartSSL has been well supported by the mainstream browsers for years.
It's heart-breaking for users that manufacturers are so careless about updating devices :(
Member of the TI-Chess Team.
Co-maintainer of GCC4TI (GCC4TI online documentation), TIEmu and TILP.
Co-admin of TI-Planet.

DJ Omnimaga

July 25, 2015, 08:14:52 pm #19 Last Edit: July 25, 2015, 09:14:24 pm by DJ Omnimaga
What is strange is that back in the days, certain certificates seemed trusted by almost every browser, old or new. Even older versions of IE seemed to have no issue displaying such site, aside from a warning about how we are about to enter a secured connection, which we could disable. I am bettering that those certificates were the ones that costed several hundreds of dollars, though. I myself would never pay this much for a certificate unless I was really serious about a website. Not that I am not serious about CW, but it only averages at 4000 page views a day and doesn't even have a shop (it used to, but it was external).


EDIT: Also, the Facebook sharing doesn't work by default on HTTPS now. It says content was blocked. The FB button at the top of the page works, but not the one in the first post of each topic.

Unicorn

So I read up on the web browser, and it has support for SSL, and a clouple of other things..



??? ??? ??? ??? ???

Lionel Debroux

The Startcom Class 1 certificate is for no fee, and the Class 2 certificate, with wildcard support, was only $30 a year when we bought one for TI-Planet + Inspired-Lua, which is far better than the other CAs.
The Let's Encrypt initiative from Mozilla, the EFF and friends, which is supposed to produce its first certificate next week and become available for the general public in September, will change the cards in the CA business, at long last.
Member of the TI-Chess Team.
Co-maintainer of GCC4TI (GCC4TI online documentation), TIEmu and TILP.
Co-admin of TI-Planet.

DJ Omnimaga

Hm interesting. Ideally we would prefer to use free certificates since Juju can't even afford to pay CW hosting right now (I pay most of it ATM).

Snektron

July 26, 2015, 06:01:56 pm #23 Last Edit: July 26, 2015, 06:03:59 pm by Cumred_Snektron
Quote from: DJ Omnimaga on July 26, 2015, 04:31:05 pm
Hm interesting. Ideally we would prefer to use free certificates since Juju can't even afford to pay CW hosting right now (I pay most of it ATM).


I still had like one dollar on the paypal account i never use (Since i need to make a minimum transaction of €25 to put money on it <_<) so i figured, why not give it?
Also since CW has a lot of Dutch members maybe it's worth adding iDeal as payment method?
Legends say if you spam more than DJ Omnimaga, you will become a walrus...


DJ Omnimaga

Is iDeals a Dutch-only thing? I could perhaps check if SMF has a plugin that adds support for it.

Juju

Yeah, I enabled HSTS the other day. As Streetwalrus said, you still have access to HTTP, and since HSTS is fairly new, your old browser should not do the redirection since it don't know yet how to do that. And even on new browsers, it only works if you already went on HTTPS at least once since I activated it and there's a way in the settings (at least on Chrome, you may probably have to delete some cache file) to "forget" you already visited that site on HTTPS.

For the certificates, we use the ones at Namecheap, they're often free with a new domain name, otherwise they're real cheap, like $1.88 if I remember well. And they do the job. There's errors on Omnimaga and CodeWalrus, but it's because we serve HTTP content over HTTPS, which is quite normal for a server, I guess, and this error should be ignorable.
Read Zarmina!
YUKI-CHAAAANNNN
In the beginning there was walrii. In the end there will be walrii. All hail our supreme leader :walrii: --Snektron



if you wanna throw money at me and/or CodeWalrus monthly it's here

Snektron

Quote from: DJ Omnimaga on July 27, 2015, 12:54:31 am
Is iDeals a Dutch-only thing? I could perhaps check if SMF has a plugin that adds support for it.


Yeah i think it is. It's supported on many international platforms though
Legends say if you spam more than DJ Omnimaga, you will become a walrus...


Streetwalrus

By the way, if you still want to use http, use http://http.codewalr.us or any other subdomain that doesn't already have a defined purpose.

DJ Omnimaga

Lol I didn't know this worked. But then won't the url switch back to default site URL once clicking links?

Edit: it does x.x

Streetwalrus

Eh, didn't think of that. Nevermind then.

Powered by EzPortal