search

RetroShare / retroshare.github.io

RetroShare Website
https://retroshare.cc
8 stars 14 forks source link

Insecure HTTPS certificate at https://retroshare.net #33

Closed ElonSatoshi closed 5 years ago

ElonSatoshi commented 6 years ago

https://ipfs.io/ipfs/QmTQzvbks7MsLUsNcH7KGaXKwwKY6hZLwhe2oegCke1PdQ

I linked to https://retroshare.net in a Matrix chatroom. They are now all unwilling to trust Retroshare, because of the insecure connection error.

csoler commented 6 years ago

Hi, Could you plz explain exactly what kind of threat you think you're facing? For the record, all builds are signed with the RS dev PGP key with Key 0932399B, and you can verify this signature yourself.

thx

ElonSatoshi commented 6 years ago

Almost every time I recommend software, people have some reason to say no. Isn't that weird?

mestaritonttu commented 6 years ago

What exactly is insecure about the HTTPS cert?

blaueente commented 6 years ago

The https cert is issued for *.github.io, whereas the domain is retroshare.net. That means a standard browser issues a certificate error if one visits https://retroshare.net . In order to recommend retroshare to people ("Connect with Friends and Family"), I would like to send them a link to https://retroshare.net . Those are not the people who want to verify PGP signatures, and I also do not want to tell them to ignore the warning or send them to an unencrypted download site, as that would set a false example or be outright dangerous.

l-n-s commented 5 years ago

Now github supports HTTPS certificates for custom domains. Repository owner can disable https in repository config and re-enable it after a while, it will make https://retroshare.net work. Try it :+1:

felisucoibi commented 5 years ago

this can be closed.

alfinal commented 5 years ago

Now github supports HTTPS certificates for custom domains. Repository owner can disable https in repository config and re-enable it after a while, it will make https://retroshare.net work. Try it +1

If it was, it's not working currently:

https://retroshare.net

retroshare.net uses an invalid security certificate. The certificate is only valid for the following names: .github.com, github.com, .github.io, github.io

In other hand https://retroshare.cc is working with a Let's Encrypt certificate.

Please reopen this issue.

zapek commented 5 years ago

Just use https://retroshare.cc It's the official website now.