Ravenloft: Prisoners of the Mist

Public (OOC) => Tech discussion => Topic started by: Marzipanic on August 01, 2018, 07:41:44 PM

Title: SSL Security Certificate missing on this website
Post by: Marzipanic on August 01, 2018, 07:41:44 PM
Hi all!

Just a heads up--because there does not appear to be an SSL cert installed for this website, browsers report registration for the forums as unsafe (which it is); passwords can be mined across the wire by those who know how. Would a web admin be willing to resolve this by adding a cert?

Free certs can be acquired from Let's Encrypt: https://letsencrypt.org/

An additional suggestion/request would be to update the website so that it redirects from HTTP to HTTPS (SSL) also, just in case anyone had it bookmarked under the open protocol.

Thank you for helping to keep the web safe!
Title: Re: SSL Security Certificate missing on this website
Post by: Blight on August 01, 2018, 11:11:31 PM
Oh, look. A bot.
Title: Re: SSL Security Certificate missing on this website
Post by: Iluvatar on August 01, 2018, 11:30:49 PM
It's not a bot, he actually talked about this on the Discord and was told to post it on the forum ;)
Title: Re: SSL Security Certificate missing on this website
Post by: Exordium on August 05, 2018, 12:06:44 PM
Yeah, should have SSL set up. There's been some informal talk about looking over the website at some point.

At the moment we don't fully conform to the current EU data privacy laws either...
Title: Re: SSL Security Certificate missing on this website
Post by: DrXavierTColtrane on August 05, 2018, 05:23:08 PM
SSL is set up, but the certificate is invalid.

https://www.nwnravenloft.com/forum/index.php

That works, but the browser warns that the name on the cert is not correct. If the user confirms a security exception, thereafter SSL is usable.

Fixing it to be correct requires only replacing the certificate with a properly generated one having the correct host name.
Title: Re: SSL Security Certificate missing on this website
Post by: Zarathustra217 on September 04, 2018, 04:25:09 AM
We are now converted to full SSL - thanks for reminding us!
Title: Re: SSL Security Certificate missing on this website
Post by: Super Sugar on September 04, 2018, 04:47:53 AM
Woop!  Looks to be working very well!
Title: Re: SSL Security Certificate missing on this website
Post by: Super Sugar on September 04, 2018, 05:01:09 AM
Just some added detail, the cert might be reporting mixed-content (not 100% secure).  I went through the code myself and it seems to be reporting this because there's some 'http' specific links to w3.org and some other un-important things.  Nothing to be worried about.