Ravenloft: Prisoners of the Mist
Public (OOC) => Tech discussion => Topic started by: Marzipanic on August 01, 2018, 07:41:44 PM
-
Hi all!
Just a heads up--because there does not appear to be an SSL cert installed for this website, browsers report registration for the forums as unsafe (which it is); passwords can be mined across the wire by those who know how. Would a web admin be willing to resolve this by adding a cert?
Free certs can be acquired from Let's Encrypt: https://letsencrypt.org/
An additional suggestion/request would be to update the website so that it redirects from HTTP to HTTPS (SSL) also, just in case anyone had it bookmarked under the open protocol.
Thank you for helping to keep the web safe!
-
Oh, look. A bot.
-
It's not a bot, he actually talked about this on the Discord and was told to post it on the forum ;)
-
Yeah, should have SSL set up. There's been some informal talk about looking over the website at some point.
At the moment we don't fully conform to the current EU data privacy laws either...
-
SSL is set up, but the certificate is invalid.
https://www.nwnravenloft.com/forum/index.php
That works, but the browser warns that the name on the cert is not correct. If the user confirms a security exception, thereafter SSL is usable.
Fixing it to be correct requires only replacing the certificate with a properly generated one having the correct host name.
-
We are now converted to full SSL - thanks for reminding us!
-
Woop! Looks to be working very well!
-
Just some added detail, the cert might be reporting mixed-content (not 100% secure). I went through the code myself and it seems to be reporting this because there's some 'http' specific links to w3.org and some other un-important things. Nothing to be worried about.