Welcome, Guest. Please login or register.
Jun 26, 17, 12:59 PM

Login with username, password and session length

Google Search

Members
Stats
  • Total Posts: 102875
  • Total Topics: 11367
  • Online Today: 33
  • Online Ever: 127
  • (Nov 02, 12, 06:30 AM)
Users Online
Users: 0
Guests: 8
Total: 8

adverts

RoboForm: Learn more...

Secunia

Themes





Author Topic: Server SSL now you can use https to login  (Read 577 times)

0 Members and 1 Guest are viewing this topic.

Offline Derek

  • Being a nuisance
  • Landlord
  • ***
  • Posts: 13242
  • Bogle Points: 45
  • Gender: Male
    • Myonlinesecurity
Server SSL now you can use https to login
« on: Dec 08, 16, 08:44 AM »
We now have a server SSL certificate on the our-local.co.uk domain as well as every other domain on this server
This means that you can now log in securely on SSL by using https://our-local.co.uk

I have not yet set it to force ssl, because I am worried about breaking the forum. I leave it up to you whether to use SSL or the old plain insecure ( less secure) default http log in
I recommend that you update your shortcuts to use https://our-local.co.uk instead of the old http://our-local.co.uk

If you use the https: option you should see a padlock on browser bar.  However some pages will not show the padlock if there are linked images to a non https page. And might give warnings in your browser of insecure ( mixed) content. You can safely ignore those messages or just press OK / accept /allow on the pop up warning bar at bottom of page

You can prevent mixed content messages If you use Internet explorer as your browser then you can go to Tools/options/security => select internet zone / custom level & scroll down to mixed content. Select ENABLE. The default is normally prompt

I feel it is important to be able to log in to the forum using a secure HTTPS / SSL connection to prevent your passwords & logins being stolen, by somebody eavesdropping or intercepting your connection.


Offline Obblie

  • The Cat Astrophe
  • Landlord
  • ***
  • Posts: 14387
  • Bogle Points: 50
  • Gender: Male
  • Kissy kissy...
Re: Server SSL now you can use https to login
« Reply #1 on: Dec 08, 16, 10:27 AM »
Done using Chrome, seems OK.
"Capitalism is the astounding belief that the most wickedest of men will do the most wickedest of things for the greatest good of everyone". John Maynard Keynes

Offline Kat

  • Twaddler
  • ***
  • Posts: 724
  • Bogle Points: 0
  • Meh
Re: Server SSL now you can use https to login
« Reply #2 on: Dec 08, 16, 10:29 AM »
Would I need to log out, then got to the https URL and log back in?

Offline Derek

  • Being a nuisance
  • Landlord
  • ***
  • Posts: 13242
  • Bogle Points: 45
  • Gender: Male
    • Myonlinesecurity
Re: Server SSL now you can use https to login
« Reply #3 on: Dec 08, 16, 10:37 AM »
I don't know Kat
probably, otherwise you might get weird behaviour with some pages SSL & Some plain old HTTPS 

I think the cookies for HTTPS are different to HTTP so it might give errors when you mix & match

@keith I have also added SSL to all your sites on the server that auto- renews itself

Offline Kat

  • Twaddler
  • ***
  • Posts: 724
  • Bogle Points: 0
  • Meh
Re: Server SSL now you can use https to login
« Reply #4 on: Dec 08, 16, 10:45 AM »
I just tried with Vivaldi and it's telling me that the password's wrong.

I'll stick with Opera v12, until I can be arsed to start buggerinabout. :)

Offline Kat

  • Twaddler
  • ***
  • Posts: 724
  • Bogle Points: 0
  • Meh
Re: Server SSL now you can use https to login
« Reply #5 on: Dec 08, 16, 10:50 AM »
Hmmm... Third time lucky. It accepted it, this time! It reset me to the default them, coz of cookies and stuff, I expect.

All seems OK, now! :)

Offline Obblie

  • The Cat Astrophe
  • Landlord
  • ***
  • Posts: 14387
  • Bogle Points: 50
  • Gender: Male
  • Kissy kissy...
Re: Server SSL now you can use https to login
« Reply #6 on: Dec 08, 16, 11:07 AM »
I don't know Kat
probably, otherwise you might get weird behaviour with some pages SSL & Some plain old HTTPS 

I think the cookies for HTTPS are different to HTTP so it might give errors when you mix & match

All I did was to add https// infront of the url in the chrome bookmark  :pa

Quote
@keith I have also added SSL to all your sites on the server that auto- renews itself
:hat3:
"Capitalism is the astounding belief that the most wickedest of men will do the most wickedest of things for the greatest good of everyone". John Maynard Keynes

Offline Derek

  • Being a nuisance
  • Landlord
  • ***
  • Posts: 13242
  • Bogle Points: 45
  • Gender: Male
    • Myonlinesecurity
Re: Server SSL now you can use https to login
« Reply #7 on: Dec 08, 16, 08:17 PM »
I have now set the forum as 100% ssl automatically regardless what you type to get in
You might see the  odd broken SSL page where there are linked  images ( only those linked to non HTTPS pages ) Some Youtube videos from a long time ago were on non https links
When they appear on a page, you won't see a padlock & will get insecure warnings in all browsers.
I really cannot do a complete forum search & update all possible links

I have edited everything else that needed editing that was a hard coded link

Offline Kat

  • Twaddler
  • ***
  • Posts: 724
  • Bogle Points: 0
  • Meh
Re: Server SSL now you can use https to login
« Reply #8 on: Dec 08, 16, 10:09 PM »
I really cannot do a complete forum search & update all possible links

Of course you can!

You won't of course. I don't blame you one iota, either!

I wondered about a simple find/replace all, in the database. Then, I thought of the old days and "FDisk" and decided that would be a right lark!

Go for it, Derek! I dare ya!  :pa

Offline Langston

  • I am the only person in the world who is exactly the same as everybody else.
  • Barfly
  • ***
  • Posts: 21053
  • Bogle Points: 0
  • Gender: Male
  • その良い夜に優しい行ってはいけません
    • Clangston at DeviantArt
Re: Server SSL now you can use https to login
« Reply #9 on: Dec 09, 16, 05:01 PM »
 :hat3: