Firefox warnings on site security

[Lerxst]

FF not digging your lack of http secure access

 

[Mark Wein]

hmm. I wonder if it's because of the change of URL?

 

[Tig]

I haven't seen any warnings nor alerts using firefox for this site.

 

[bsman]

I've heard that "Mark Wein" guy is really a Russian Bot...

 

[Mark Wein]

@dodgechargerfan - any ideas?

 

[dodgechargerfan]

@dodgechargerfan - any ideas?

I believe that there's no SSL certificate for the site.

The hosting company makes one available to you (that's a fairly new thing). Need to make sure it's turned on for this domain.

As for why it's showing up now, it's a new thing with browsers. They're all going to be raising that alert going forward.
It was a nice idea. Make the Internet safer for everyone. "Don't fill in that form unless you see the lock in the address bar." yada yada yada

The problem is that certs are free for hackers too. So, you can make up a fake banking site and get a cert to make the lock appear in the address bar.
If that's someone's only criteria for evaluating the safety of a site before giving it your info or credentials, then they're no safer than before all of this safety stuff came in to affect.

It's just created work for site owners. Sure there's a bit of value in having traffic between browser and even forum sites encrypted, but the whole idea was to address something else - and it missed.

 

[dodgechargerfan]

I'll have a look at the setup right now.

 

[Mark Wein]

I'll have a look at the setup right now.

let me know if I need to get a new cert. I got one for MarkWein.com a few months ago but I forgot about here.

 

[dodgechargerfan]

let me know if I need to get a new cert. I got one for MarkWein.com a few months ago but I forgot about here.

Yep. You do.

You can "order" them in the hosting cpanel.
They're no charge.

Make sure to cover all of the variations.
markweinguitarlessons.com
mwglforums.com
etc..

If we need to set up redirects, let me know. I can do that.
I can test things before making that change though.

 

[Mark Wein]

@Lerxst - still getting the warnings?

 

[dodgechargerfan]

Looking good on 5 different browsers (iPad)

 

[dodgechargerfan]

You might say the forum has fabulous locks.

*I’ll show myself out.*

 

[Lerxst]

@Lerxst - still getting the warnings?

I’ll check to tomorrow when I’m back on the work box wit ff but the new cert should do the trick

 

[Lerxst]

yes, warning are still there due to the forum only responding in FF on HTTP and no HTTPS so when you auth, you're sending the user/pass unencrypted.

Secure Connection Failed

An error occurred during a connection to www.markweinguitarlessons.com. Cannot communicate securely with peer: no common encryption algorithm(s). Error code: SSL_ERROR_NO_CYPHER_OVERLAP

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.

 

[Tralfaz]

The site needs to send visitors to https instead of http (via .htaccess, e.g.).

You may have a legit reason for leaving visitors at http -- philosophies differ on that -- but I personally find it annoying.

 

[dodgechargerfan]

The resolution for the www. version of the url is a problem for some reason.

Leave off the www and it works.

 

[dodgechargerfan]

And yeah. We need to get the redirects working so everything goes there no matter what you type in.

It’s a bit finicky. I can look into it sometime this week. Maybe tonight if I remain upright and functioning. (So tired)

 

[Lerxst]

Chrome is now blocking logins on my phone due to the cert issue

 

[dodgechargerfan]

I’m logged in with Chrome on my iPad with no issues.
I’ll try my phone later.

Any screen shots of the error?

 

[Lerxst]