Author Topic: SSL Security Certificate missing on this website  (Read 220 times)

Marzipanic

  • New to the Mists
  • *
  • Posts: 1
SSL Security Certificate missing on this website
« on: August 01, 2018, 07:41:44 PM »
Hi all!

Just a heads up--because there does not appear to be an SSL cert installed for this website, browsers report registration for the forums as unsafe (which it is); passwords can be mined across the wire by those who know how. Would a web admin be willing to resolve this by adding a cert?

Free certs can be acquired from Let's Encrypt: https://letsencrypt.org/

An additional suggestion/request would be to update the website so that it redirects from HTTP to HTTPS (SSL) also, just in case anyone had it bookmarked under the open protocol.

Thank you for helping to keep the web safe!

Blight

  • The Underworld
  • Dark Lord
  • *****
  • Posts: 584
Re: SSL Security Certificate missing on this website
« Reply #1 on: August 01, 2018, 11:11:31 PM »
Oh, look. A bot.
Just another lesson from the School of Hard Knocks... PHD!

Iluvatar

  • Someone
  • Developers
  • Dark Power
  • *
  • Posts: 1844
  • I'm one of Strahd's subjects
Re: SSL Security Certificate missing on this website
« Reply #2 on: August 01, 2018, 11:30:49 PM »
It's not a bot, he actually talked about this on the Discord and was told to post it on the forum ;)
« Last Edit: August 01, 2018, 11:34:41 PM by Iluvatar »

~ Iluvatar / Iluvatar-2 / Iluvatar NCE

Exordium

  • Developers
  • Dark Power
  • *
  • Posts: 1732
Re: SSL Security Certificate missing on this website
« Reply #3 on: August 05, 2018, 12:06:44 PM »
Yeah, should have SSL set up. There's been some informal talk about looking over the website at some point.

At the moment we don't fully conform to the current EU data privacy laws either...

DrXavierTColtrane

  • Dark Lord
  • *****
  • Posts: 738
Re: SSL Security Certificate missing on this website
« Reply #4 on: August 05, 2018, 05:23:08 PM »
SSL is set up, but the certificate is invalid.

https://www.nwnravenloft.com/forum/index.php

That works, but the browser warns that the name on the cert is not correct. If the user confirms a security exception, thereafter SSL is usable.

Fixing it to be correct requires only replacing the certificate with a properly generated one having the correct host name.
For everything that's lovely is
But a brief, dreamy, kind delight.