Jump to content

[Issue Solved] Jumping into "https" Secure Mode?

D. V. Devnull
 Share

Recommended Posts

D. V. Devnull

D. V. Devnull

Posted
Posted

Hello, all...

 

So, this morning as I was going to log into Tip.It Forums, I ran headlong into a jump into "https" mode, as well as a warning from my browser that it couldn't authenticate the SSL Certificate that was being shown to it. I looked around, and couldn't find an announcement about this change to the forum's login and/or security systems. Unluckily, to get this far and post here, I had to accept the certificate temporarily for the current browser session before I could post here to ask if it was valid. Is there anyone here that could please confirm Tip.It Forums has had a valid SSL Certificate added to its' login system? Or am I now going to be forced to find a workaround to get to the forums, let alone changing my login password? :huh:

 

Also, if it is valid, might I suggest an announcement is put up immediately?!?!? :idea:

 

~Mr. D. V. "Really [bleep] confused here..." Devnull

tifuserbar-dsavi_x4.jpg and normally with a cool mind.

(Warning: This user can be VERY confusing to some people... And talks in 3rd person for the timebeing due to how insane they are... Sometimes even to themself.)

Link to comment
Share on other sites
D. V. Devnull

D. V. Devnull

Posted
  • Author
Posted
We have had a valid SSL Certificate added to our login system.

Alright, I'll make sure to set an exception on my browser. Glad to know I'm not being diverted elsewhere, and that we're securing the login step a bit better now. Thank you for confirming this for me. :thumbsup:

 

~D. V. "Phew... that's a relief!" Devnull

 

 

 

(p.s.: I've put a marker on the front of this thread to show the question's been answered.)

 

(p.p.s.: Could someone give this thread sticky status? I think this is important to keep in view for at least a month.)

tifuserbar-dsavi_x4.jpg and normally with a cool mind.

(Warning: This user can be VERY confusing to some people... And talks in 3rd person for the timebeing due to how insane they are... Sometimes even to themself.)

Link to comment
Share on other sites
Rainy_Day

Rainy_Day

Posted
Posted
We have had a valid SSL Certificate added to our login system.

Alright, I'll make sure to set an exception on my browser. Glad to know I'm not being diverted elsewhere, and that we're securing the login step a bit better now. Thank you for confirming this for me. :thumbsup:

 

~D. V. "Phew... that's a relief!" Devnull

 

 

 

(p.s.: I've put a marker on the front of this thread to show the question's been answered.)

 

(p.p.s.: Could someone give this thread sticky status? I think this is important to keep in view for at least a month.)

I'm sure someone would either post a thread or see this one since this forum is not too active. Never a need to clog up forums with pointless stickies. :)

( ͡° ͜ʖ ͡°)

RIP Michaelangelopolous

Link to comment
Share on other sites
MageUK

MageUK

Posted
Posted
We have had a valid SSL Certificate added to our login system.

Alright, I'll make sure to set an exception on my browser. Glad to know I'm not being diverted elsewhere, and that we're securing the login step a bit better now. Thank you for confirming this for me. :thumbsup:

 

You shouldn't have to set an exception, it's a valid certificate. Perhaps you visited the login page while we were still messing with the configuration.

Link to comment
Share on other sites
The Observer

The Observer

Posted
Posted
We have had a valid SSL Certificate added to our login system.

Alright, I'll make sure to set an exception on my browser. Glad to know I'm not being diverted elsewhere, and that we're securing the login step a bit better now. Thank you for confirming this for me. :thumbsup:

 

You shouldn't have to set an exception, it's a valid certificate. Perhaps you visited the login page while we were still messing with the configuration.

 

At the top it shows up as unsigned.

 

SH9b2.png

 

Not sure if it's a bug or not.

 

I'll check with other browsers.

j0xPu5R.png

Link to comment
Share on other sites
essiw

essiw

Posted
Posted (edited)

My browser (Safari for mac os lion, 5.1) say it is a trusted certificate :) Will check with other browsers to see if that makes a difference

 

Firefox 4.0.1 for mac says: (Foutcode: sec_error_unknown_issuer) (says it isn't trusted and if I would like to continue)

Firefox 7.01 (last version) for mac also says it isn't trusted.

Chrome 14.0.835.186 (last version) for mac also says it isn't trusted.

Edited by essiw

http://sign.tip.it/1/2/79/260/essiw.png

Retired item crew

I would like to be credited as essiw at the website update & corrections forum. Thanks!

Link to comment
Share on other sites
obfuscator

obfuscator

Posted
Posted

The certificate for the forum is fine. It says "other resources are not being loaded securely". Looks like the stylesheets and script files aren't loading properly - even if I load them anyway it looks glitched using https.

polvCwJ.gif
"It's not a rest for me, it's a rest for the weights." - Dom Mazzetti

Link to comment
Share on other sites
The Observer

The Observer

Posted
Posted

I checked with IE and it confirms that it's secure, but it isn't a valid certificate (Firefox 4 and 7 has a big warning screen and asks if I would like to continue). Obfuscator's hypothesis is probably right imo considering its variance.

j0xPu5R.png

Link to comment
Share on other sites
MageUK

MageUK

Posted
Posted
We have had a valid SSL Certificate added to our login system.

Alright, I'll make sure to set an exception on my browser. Glad to know I'm not being diverted elsewhere, and that we're securing the login step a bit better now. Thank you for confirming this for me. :thumbsup:

 

You shouldn't have to set an exception, it's a valid certificate. Perhaps you visited the login page while we were still messing with the configuration.

 

At the top it shows up as unsigned.

 

SH9b2.png

 

Not sure if it's a bug or not.

 

I'll check with other browsers.

 

That's just Chrome telling you there's insecure items on the page. In this case, it's the advert, I'll see if I can turn the advert off for the login page.

 

 

My browser (Safari for mac os lion, 5.1) say it is a trusted certificate :) Will check with other browsers to see if that makes a difference

 

Firefox 4.0.1 for mac says: (Foutcode: sec_error_unknown_issuer) (says it isn't trusted and if I would like to continue)

Firefox 7.01 (last version) for mac also says it isn't trusted.

Chrome 14.0.835.186 (last version) for mac also says it isn't trusted.

 

I've tried both Firefox 7 and 8, and it's trusted on both of them. Firefox 4... well, I think there's a line commented in the server config (the chain file) that needs to be uncommented, so I'll sort that out.

 

 

The certificate for the forum is fine. It says "other resources are not being loaded securely". Looks like the stylesheets and script files aren't loading properly - even if I load them anyway it looks glitched using https.

 

Again, that's the advert, the stylesheets etc. are fine.

 

I checked with IE and it confirms that it's secure, but it isn't a valid certificate (Firefox 4 and 7 has a big warning screen and asks if I would like to continue). Obfuscator's hypothesis is probably right imo considering its variance.

 

Same as to essiw.

Link to comment
Share on other sites
obfuscator

obfuscator

Posted
Posted

The actual certificate being "untrusted" should now be fixed. What version of Chrome is that?

The certificate itself has always been trusted for me - it just shows the https as crossed out because "other resources are not verified". I'm on chrome 15.0.874.58.

polvCwJ.gif
"It's not a rest for me, it's a rest for the weights." - Dom Mazzetti

Link to comment
Share on other sites
MageUK

MageUK

Posted
Posted

The actual certificate being "untrusted" should now be fixed. What version of Chrome is that?

The certificate itself has always been trusted for me - it just shows the https as crossed out because "other resources are not verified". I'm on chrome 15.0.874.58.

 

Yeah but it probably is giving you that popup because there was an element of the certificate missing and thus not loading a bunch of content. If you go to the login page now and do a hard refresh, does it still load without styles like that?

Link to comment
Share on other sites
obfuscator

obfuscator

Posted
Posted

Of course, but if you still enforce https on the rest of the forums you can encrypt the cookie(s).

 

Of course, it helps just using https on the login, as anyone running a sniffer may not be able to get your login details; but your cookies can still be stolen if all the other pages aren't using https as well.

polvCwJ.gif
"It's not a rest for me, it's a rest for the weights." - Dom Mazzetti

Link to comment
Share on other sites
MageUK

MageUK

Posted
Posted

Of course, but if you still enforce https on the rest of the forums you can encrypt the cookie(s).

 

Of course, it helps just using https on the login, as anyone running a sniffer may not be able to get your login details; but your cookies can still be stolen if all the other pages aren't using https as well.

 

You can't steal someone's session in IPB by just stealing their cookie.

 

It would also severly increase our CPU usage to use all HTTPS for the whole forum.

 

Anyway, the login page (for the Tip.It Skin, not for the other skins yet) has now been fully secured. Chrome has a bug where it won't say it's secure until you restart the browser, but it is.

 

EDIT: All skins have the fix now.

Link to comment
Share on other sites
obfuscator

obfuscator

Posted
Posted

Well, you'd need the same IP address I assume, which is certainly possible on an unsecured network...

 

At any rate, I digress. Thanks for fixing it :thumbup:

polvCwJ.gif
"It's not a rest for me, it's a rest for the weights." - Dom Mazzetti

Link to comment
Share on other sites
D. V. Devnull

D. V. Devnull

Posted
  • Author
Posted
<<<Quote Snip>>>

 

You can't steal someone's session in IPB by just stealing their cookie.

 

It would also severly increase our CPU usage to use all HTTPS for the whole forum.

 

Anyway, the login page (for the Tip.It Skin, not for the other skins yet) has now been fully secured. Chrome has a bug where it won't say it's secure until you restart the browser, but it is.

 

EDIT: All skins have the fix now.

Looks like that fixed it for me, thanks to your hand work, Peter! I was able to drop my exception and still have the login work normally. :thumbsup:

 

I'll post back if that changes, though. ;)

 

~D. V. "Nice Fix!" Devnull

tifuserbar-dsavi_x4.jpg and normally with a cool mind.

(Warning: This user can be VERY confusing to some people... And talks in 3rd person for the timebeing due to how insane they are... Sometimes even to themself.)

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept