Jump to content


Photo

HTTPS and SSL certificates


  • Please log in to reply
7 replies to this topic

#1 paradoxbound

paradoxbound

    Guard

  • Contributors
  • PipPip
  • 124 posts

Posted 23 July 2017 - 05:58 PM

Hello,

 

hope this is the right place for this but I wondered if it would be possible to add HTTPS and an SSL cert to STEP. Letsencrypt do a free automated cert service and updating the certs are handled with a simple script running under cron. I have used them myself for a while now and it has never failed to renew the certs in time.

https://letsencrypt.org/


  • 2

#2 LordOfLA

LordOfLA

    Guard

  • Members
  • PipPip
  • 128 posts

Posted 13 October 2017 - 05:20 AM

I would second this - both Firefox and Chrome will start warning users that sites not using SSL are unsafe very soon if not already. It doesn't take long to setup LetsEncrypt SSL using EFF's CertBot on Linux/BSD servers.


  • 0

#3 z929669

z929669

    Ixian Inventor

  • Administrators
  • PipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPip
  • 9,258 posts

Posted 15 October 2017 - 01:50 PM

It's a possibility once we switch servers.



#4 TechAngel85

TechAngel85

    Akatosh

  • Administrators
  • PipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPip
  • 12,111 posts

Posted 15 October 2017 - 02:24 PM

We were using lets encrypt.



#5 LordOfLA

LordOfLA

    Guard

  • Members
  • PipPip
  • 128 posts

Posted 12 November 2017 - 05:33 AM

There are two free methods of providing SSL, lets encrypt and cloudflare. The latter is easier than the former. Not sure why foot dragging is occuring.


  • 0

#6 paradoxbound

paradoxbound

    Guard

  • Contributors
  • PipPip
  • 124 posts

Posted 12 November 2017 - 06:44 AM

There are two free methods of providing SSL, lets encrypt and cloudflare. The latter is easier than the former. Not sure why foot dragging is occuring.

The site is undergoing a major redevelopment, with new hardware, forum software and integration with Mod Picker. I am willing to wait for SSL/TLS to be included in that work. If you are concerned use a long unique password for STEP. I personally use a 24 character random string set by a password manager, which is certainly going to take longer to crack than my lifetime.


  • 0

#7 TechAngel85

TechAngel85

    Akatosh

  • Administrators
  • PipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPip
  • 12,111 posts

Posted 12 November 2017 - 11:18 AM

What paradoxbound said.

 

Though it's still several months out, we are in the mists of a total rebuild of the project. New server, updated software across the board, a switch to Mod Picker as our framework for the Guide and Packs, a new front-end website, and more. Depending on the time it takes to finish, we may or may not spin out a new SSL for the current site. However, since our server admin has gone MIA, I'm uncertain if we even have access to update it.



#8 Mator

Mator

    Jarl

  • Mod Authors
  • PipPipPipPipPipPipPipPipPip
  • 547 posts

Posted 12 November 2017 - 12:49 PM

we may or may not spin out a new SSL for the current site.

 
I'll make sure to set SSL up, it's a priority, in my opinion.
 
Also, midst*, not mists.  :)

Edited by Mator, 12 November 2017 - 12:49 PM.

  • 0


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users