Waterloo Region Connected

Full Version: SSL
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2 3
So Google Chrome keeps reminding me that WRC is not secure. 
For the security of you and your members have you considered installing an SSL certificate?
We have. We're going through the logistics now actually
(11-21-2018, 07:21 PM)Spokes Wrote: [ -> ]We have.  We're going through the logistics now actually

Cool, good to know. thanks Big Grin
(11-21-2018, 07:21 PM)Spokes Wrote: [ -> ]We have.  We're going through the logistics now actually

Let’s Encrypt, or something more complicated? Big Grin
That was one option we were looking at, but Taylortbb has been offering some really good suggestions of some paid alternatives that are still very reasonably priced
sooo... curious, any update on this? Been a while Tongue
No. Unfortunately not. It's on my list but sadly it's a long list and it's been a busy few months.

It's going to happen
Just wondering, what would this do for the forum? It's a public forum and everything we post is available to anyone in a browser.
There are a few members who could explain it way way way better than I, so I think I'll defer to them.
Not really about publicly available information on the forum, more about the data that's being transmitted -

https://blog.mozilla.org/security/2017/0...cure-http/

Quote:HTTPS helps keep you safe from eavesdropping and tampering when doing everything from online banking to communicating with your friends. This is important because over a regular HTTP connection, someone else on the network can read or modify the website before you see it, putting you at risk.
(02-19-2019, 07:09 PM)Canard Wrote: [ -> ]Just wondering, what would this do for the forum?  It's a public forum and everything we post is available to anyone in a browser.

First off, it would be nice if my login password is not transmitted in plain text. If my computer was connected to the same network as you when you logged in, I could find out what the password you used for the site is when you hit login within two seconds with the appropriate software loaded on my laptop. This is a bad thing if you use the same password on other sites, such as your banking or email account. (Which a lot of people tend to do).

Secondly, HTTP at this point should be considered "legacy" technology. Back in the infancy of the world wide web, I understand why no one outside of banks used it, due to the increased overhead of encrypting data, as processors of that era was not that fast (The first time I accessed a WWW page was on a computer with a 33 Megahertz processor and 4 megabytes of RAM). Nowadays that's a non-issue with the speeds of modern computers.

And thirdly, with programs like Let's Encrypt out there, there is no real reason not to as you can get a basic SSL certificate for free as long as you have a supported web provider or are renting a Linux or Windows VPS to host the page. (However it looks like GoDaddy is hosting this site based on the IP though, and they won't support Let's Encrypt as it competes with their own SSL Cert business)
(02-19-2019, 08:39 PM)bgb_ca Wrote: [ -> ]And thirdly, with programs like Let's Encrypt out there, there is no real reason not to as you can get a basic SSL certificate for free as long as you have a supported web provider or are renting a Linux or Windows VPS to host the page. (However it looks like GoDaddy is hosting this site based on the IP though, and they won't support Let's Encrypt as it competes with their own SSL Cert business)

GoDaddy SSL certificates are only C$12 for the first year, and C$100 thereafter, so not expensive there, either. Comodo InstantSSL is only $21/year from namecheap.com.
(02-19-2019, 09:00 PM)tomh009 Wrote: [ -> ]
(02-19-2019, 08:39 PM)bgb_ca Wrote: [ -> ]And thirdly, with programs like Let's Encrypt out there, there is no real reason not to as you can get a basic SSL certificate for free as long as you have a supported web provider or are renting a Linux or Windows VPS to host the page. (However it looks like GoDaddy is hosting this site based on the IP though, and they won't support Let's Encrypt as it competes with their own SSL Cert business)

GoDaddy SSL certificates are only C$12 for the first year, and C$100 thereafter, so not expensive there, either. Comodo InstantSSL is only $21/year from namecheap.com.

Not super expensive but a lot more than $0 for the same service...
(02-20-2019, 01:18 AM)plam Wrote: [ -> ]
(02-19-2019, 09:00 PM)tomh009 Wrote: [ -> ]GoDaddy SSL certificates are only C$12 for the first year, and C$100 thereafter, so not expensive there, either. Comodo InstantSSL is only $21/year from namecheap.com.

Not super expensive but a lot more than $0 for the same service...

They do cost an infinite percentage more. But if they are not supported, Let's Encrypt certificates are not really relevant.
(02-20-2019, 02:47 PM)tomh009 Wrote: [ -> ]
(02-20-2019, 01:18 AM)plam Wrote: [ -> ]Not super expensive but a lot more than $0 for the same service...

They do cost an infinite percentage more. But if they are not supported, Let's Encrypt certificates are not really relevant.

I'd be happy to help migrate the site away from GoDaddy.
Pages: 1 2 3