Closed hlapp closed 9 years ago
I am not getting an SSL warning on either firefox or chrome.
No it's giving a self-signed certificate
@dleehr yes, I was able to see that too now.
@kcranston I'll have an email out in a moment.
We've previously raised the question of whether or not a self-signed cert might be OK for this site, since only the admin users (a small group) will be bumped to HTTPS. I don't know if a final decision was ever reached.
Also it does not appear that http://fossilcalibrations.org/protected enforces https
We've previously raised the question of whether or not a self-signed cert might be OK for this site, since only the admin users (a small group) will be bumped to HTTPS. I don't know if a final decision was ever reached.
It was. Self-signed certs are poor practice, and require only a nominal expense to rectify.
Ah, I forgot that this cert has already been secured.
Based on a quick look at the cert on https://152.3.101.137/, it seems to support both fossilcalibrations.org and www.fossilcalibrations.org. For SEO purposes, it's probably best to nudge to one or the other in our apache configuration. (This is not discussed in the Installation wiki page.)
Cert is now re-issued and installed.
The fossilcalibrations.org server has now moved to a PalAss server. I assume that as a result of that, the SSL address fails to domain-validate and browsers show a big scary warning. I assume this means that the SSL cert needs to be re-issued and installed on the PalAss webserver.
@dleehr and @jimallman - it seems that the HTTP URL doesn't redirect to HTTPS. Is this intentional, or on oversight from the move to PalAss, and if the former, are there redirect rules in place somewhere that ensure that login and other pages use HTTPS?