Page 1 of 2
Security Certificate for foldingforum.org
Posted: Wed Nov 25, 2020 8:03 am
by psaam0001
Did someone need to update the security certificate for this forum??? Firefox is flagging it.
Paul
Re: Security Certificate for foldingforum.org
Posted: Wed Nov 25, 2020 8:10 am
by Joe_H
Yes, already checking into who takes care of that.
Re: Security Certificate for foldingforum.org
Posted: Wed Nov 25, 2020 8:11 am
by psaam0001
No problem....
Paul
Re: Security Certificate for foldingforum.org
Posted: Wed Nov 25, 2020 1:58 pm
by Foxbat
Yeah, Safari was really concerned that I was going to compromise myself by continuing to this site. I’m glad to hear that it’s being addressed.
Re: Security Certificate for foldingforum.org
Posted: Wed Nov 25, 2020 3:30 pm
by Joe_H
Yeah, my Safari complained as well. At least it allows for overriding that message and continuing to the site relatively easily, it can be harder in some other browsers.
Re: Security Certificate for foldingforum.org
Posted: Wed Nov 25, 2020 3:50 pm
by Jandska
My Bitdefender was warning me as well
(can override though) but the forum itself seems glitched for me (Firefox) - graphics are not loading correctly (tried to change themes but that didn't help neither deleting cookies - as an option on one theme). Yesterday it was ok
Re: Security Certificate for foldingforum.org
Posted: Mon Nov 30, 2020 3:00 pm
by FalconFour
Bump! This is still a pretty serious issue... any browser used by anyone will flag the site as "warning! you shouldn't visit this site!" that has to be manually bypassed. It's an incredibly bad look.
I don't agree with the need for HTTPS everywhere... really makes the web a more messed-up place to be, but I also know all modern browsers have made it unavoidable. Such is the world we now live in.
Ought to make that certificate management automated!
Re: Security Certificate for foldingforum.org
Posted: Mon Nov 30, 2020 3:07 pm
by Hopfgeist
FalconFour wrote:
[...]
Ought to make that certificate management automated!
Yes. Using
letsencrypt is almost hassle-free, costs nothing and is easy to automate. In fact, doing it manually is strongly discouraged.
HG.
Re: Security Certificate for foldingforum.org
Posted: Mon Nov 30, 2020 3:44 pm
by gunnarre
Not all users trust LetsEncrypt certificates due to their liberal policy of issuing it to any website (including phishing websites), but the users who care about that would be a minority.
Re: Security Certificate for foldingforum.org
Posted: Tue Dec 01, 2020 2:42 am
by road-runner
yea firefox complained also had to allow an exception
Re: Security Certificate for foldingforum.org
Posted: Wed Dec 02, 2020 11:40 am
by joncrane
This is a serious issue, what's the status on this? It's been a week now.
Re: Security Certificate for foldingforum.org
Posted: Wed Dec 02, 2020 3:19 pm
by Joe_H
Latest I have heard was that a new certificate was obtained, they are looking into why it is not being used.
Re: Security Certificate for foldingforum.org
Posted: Wed Dec 02, 2020 4:35 pm
by ComputerUser
Joe_H wrote:Latest I have heard was that a new certificate was obtained, they are looking into why it is not being used.
I don't think they have already obtained a new certificate, because
there is no new certificate logged in the Certificate Transparency logs. Each SSL Certificate must be logged in at least two different
CT logs to be trusted by Google Chrome, so most CAs submit them immediately. As you can see in the link above the newest certificate (
ID 2163700851) is the expired cert, so we have to wait until they manage to get and install a new one.
Cheers,
ComputerUser
Re: Security Certificate for foldingforum.org
Posted: Wed Dec 02, 2020 5:24 pm
by aetch
There has been a number of new certificates issued under the *.foldingathome.org domain in the last few days.
I wonder if the forums have been overlooked because they're on a different domain name, issued by a different certification authority and possibly using a different process to obtain said certificate.
Re: Security Certificate for foldingforum.org
Posted: Thu Dec 03, 2020 8:38 am
by Hopfgeist
gunnarre wrote:Not all users trust LetsEncrypt certificates due to their liberal policy of issuing it to any website (including phishing websites), but the users who care about that would be a minority.
I understand. Letsencrypt, as the name suggests, put their emphasis more on the encrypted connection (making that the default across the whole web), and somewhat less on trustworthy authentication.
HG.