Deadly Cupcakes

General Category => Welcome to Deadly Cupcakes! => Topic started by: **andius on November 17, 2017, 03:21:20 PM

Title: https://deadlycupcakes.org/forums/
Post by: **andius on November 17, 2017, 03:21:20 PM

I get the message:

Quote

Everything should now be set up to use SSL. To join the future of 1999, please use https://deadlycupcakes.org/forums/ in your bookmarks instead of http.

So I got the https://deadlycupcakes.org/forums/ version of the site and login but when I login the message returns and Chrome tells me the site is Not secure

Title: Re: https://deadlycupcakes.org/forums/
Post by: Edalia on November 20, 2017, 12:08:19 PM

What URL do you end up at after login? Do you do the quick login at the top-right or click "Login" on the lower row ("Home Help Search Login Register)?

If you see a page that's Not Secure, you can usually just change http to https in the URL and get to the same page. There are still a few links that come standard in SMF that assume http, so with your help, I can try to track it down.

Title: Re: https://deadlycupcakes.org/forums/
Post by: Edalia on November 20, 2017, 12:10:48 PM

Looks like https://deadlycupcakes.org/forums/ does not use the SSL cert, but https://www.deadlycupcakes.org/forums/ does. Dammit.

For now, if you add www. in front of deadlycupcakes.org in your URLs, that will use SSL with the cert.

Title: Re: https://deadlycupcakes.org/forums/
Post by: **andius on November 20, 2017, 02:58:47 PM

Thank you adding the ww fixed it, I see you also changed the address in the "news"parts too :)

Title: Re: https://deadlycupcakes.org/forums/
Post by: Edalia on November 22, 2017, 07:05:30 AM

I will try to figure out why our cert is bound to www, not *. Sorry about that!

Title: Re: https://deadlycupcakes.org/forums/
Post by: Marco on November 22, 2017, 09:25:55 AM

The cert seems fine, with deadlycupcakes.org and www.deadlycupcakes.org DNS SANs, and it is presented for the main connection when you visit https://deadlycupcakes.org/forums.  However, the content at that URL contains a mix of https:// and http:// links; in particular, the form submission actions for the login and search boxes are insecure, which causes Chrome to consider the connection not fully secure.  The content at https://www.deadlycupcakes.org/forums contains far fewer http:// links.

Title: Re: https://deadlycupcakes.org/forums/
Post by: Edalia on November 27, 2017, 08:11:47 AM

Quote from: Marco on November 22, 2017, 09:25:55 AM

The cert seems fine, with deadlycupcakes.org and www.deadlycupcakes.org DNS SANs, and it is presented for the main connection when you visit https://deadlycupcakes.org/forums.  However, the content at that URL contains a mix of https:// and http:// links; in particular, the form submission actions for the login and search boxes are insecure, which causes Chrome to consider the connection not fully secure.  The content at https://www.deadlycupcakes.org/forums contains far fewer http:// links.

Thanks, Marco! I see a similar issue whenever certain linked avatars or gifs people post from http:// sources.

Since I'm not sure if any modifications I make to the login form on the home page will survive a software update (and a hint of laziness), please click Login on the top bar to login rather than the default form to ensure you are logging in with SSL.