Security Certificate for foldingforum.org

Moderator: Site Moderators

gunnarre
Posts: 567
Joined: Sun May 24, 2020 7:23 pm
Location: Norway

Re: Security Certificate for foldingforum.org

Post by gunnarre »

Hopfgeist wrote: I understand. Letsencrypt, as the name suggests, put their emphasis more on the encrypted connection (making that the default across the whole web), and somewhat less on trustworthy authentication.
Just got to be extra careful to check that you're visiting Paypal and not Paÿpal.
Image
Online: GTX 1660 Super, GTX 1080, GTX 1050 Ti 4G OC, RX580 + occasional CPU folding in the cold.
Offline: Radeon HD 7770, GTX 960, GTX 950
Joe_H
Site Admin
Posts: 7854
Joined: Tue Apr 21, 2009 4:41 pm
Hardware configuration: Mac Pro 2.8 quad 12 GB smp4
MacBook Pro 2.9 i7 8 GB smp2
Location: W. MA

Re: Security Certificate for foldingforum.org

Post by Joe_H »

This was posted on the F@h News site - https://foldingathome.org/2020/12/02/forum-outage/.
Image

iMac 2.8 i7 12 GB smp8, Mac Pro 2.8 quad 12 GB smp6
MacBook Pro 2.9 i7 8 GB smp3
Dr. Merkwürdigliebe
Posts: 32
Joined: Tue Nov 08, 2016 7:52 pm
Hardware configuration: Xeon 1230v3 + Geforce RTX 2080
Location: Germany

Re: Security Certificate for foldingforum.org

Post by Dr. Merkwürdigliebe »

Not sure if this has been suggested before but my browser doesn't show the lock symbol when visiting this site via https.

The reason seems to be

Image
Joe_H
Site Admin
Posts: 7854
Joined: Tue Apr 21, 2009 4:41 pm
Hardware configuration: Mac Pro 2.8 quad 12 GB smp4
MacBook Pro 2.9 i7 8 GB smp2
Location: W. MA

Re: Security Certificate for foldingforum.org

Post by Joe_H »

An updated certificate was loaded for the forum sometime Friday evening, I have not seen an official announcement about that. Not quite certain myself on how to interpret the messages you are seeing.
Image

iMac 2.8 i7 12 GB smp8, Mac Pro 2.8 quad 12 GB smp6
MacBook Pro 2.9 i7 8 GB smp3
gunnarre
Posts: 567
Joined: Sun May 24, 2020 7:23 pm
Location: Norway

Re: Security Certificate for foldingforum.org

Post by gunnarre »

The first message says that the Google form at the top right should be referred via HTTPS to avoid mixed content. That should be easily fixable in the forum code.

The second message is about signature images. If at least one of the users uses e.g. an image from the Extreme Overclocking stats site, they should use HTTPS instead of HTTP in the IMG link, or there will be a mixed content warning. Since it's your signature Joe_H, you can fix it for this particular page by editing your signature. Trying to enforce this on all signature images might be a bit outside what time should be spent on. Having the certificate updated and valid is the main thing.
Image
Online: GTX 1660 Super, GTX 1080, GTX 1050 Ti 4G OC, RX580 + occasional CPU folding in the cold.
Offline: Radeon HD 7770, GTX 960, GTX 950
Joe_H
Site Admin
Posts: 7854
Joined: Tue Apr 21, 2009 4:41 pm
Hardware configuration: Mac Pro 2.8 quad 12 GB smp4
MacBook Pro 2.9 i7 8 GB smp2
Location: W. MA

Re: Security Certificate for foldingforum.org

Post by Joe_H »

Okay, I can change my signature to using https, and it works currently. At one point in the past using the https link to the EOC signatures did not work.

As for the Google search form, there was a reason it uses http that I came across once, but don't recall the details. Will have to check ti see if that reason still holds, and who can make the change.
Image

iMac 2.8 i7 12 GB smp8, Mac Pro 2.8 quad 12 GB smp6
MacBook Pro 2.9 i7 8 GB smp3
Celso Azevedo
Posts: 7
Joined: Wed Dec 18, 2013 9:56 pm

Re: Security Certificate for foldingforum.org

Post by Celso Azevedo »

What some forums proxy all images via a domain they control and making everything https that way. But these days almost everyone uses https, so only old links/threads/posts are affected. Unless there's some extension for phpBB that does this automatically, it's probably not worth doing anymore.

Something that should be easy to do and would fix some of these issues, is to search the database for known hosts that used to use http and replace them with https. EOC, imgur (http://i.imgur.com), f@h site, etc.

Also, use HTTPS for the search forms in the header. Google have supported it for years now.
Post Reply