Security issue with Doc's?

Joined: January 1st, 1970, 12:00 am

March 10th, 2018, 6:00 am #1

Anybody having a Firefox "security" issue with viewing pages or pictures hosted on docsmachine.com?

Over on MCB, they pointed out that all the pics in my thread about the lever action aren't viewable- Firefox refuses the connection as not secure. The specific issue is my "certificate" is apparently "self signed", whatever either of those things means.

I have no control over that either way, in any case. Apart from calling and yelling at my host, anything I can do about it?

Doc.
Quote
Like
Share

Joined: September 11th, 2014, 5:40 pm

March 10th, 2018, 8:21 am #2

i have not had any issues and i am running firefox, hell i am currently rereading that exact build in a different tab...
Quote
Like
Share

Joined: September 11th, 2014, 5:58 pm

March 10th, 2018, 10:16 am #3

The issue is SSL: If you go to the normal docsmachine.com address (http://docsmachine.com) you are served the normal unsecured site.
However, if you go (or your browser attempts to force you to go) to https://docsmachine.com, you are served a secured version, which hasn't been configured. There is a plesk certificate on the server, but as it's not an externally generated and tracable cert, it isn't trusted by a browser.

The solutions are either to turn off the https serving on the server/host, or to have a proper cert installed (either purchased or a free valid cert, like from letsenrypt) to remove the self-signed cert.
Quote
Like
Share

Joined: January 4th, 2015, 6:20 am

March 10th, 2018, 4:22 pm #4

I would strongly recommend getting your site set up with a valid certificate, LetsEncrypt is free and sufficient for what you need as ChloeRed suggested. The major Internet browsers are rapidly pushing to move away from HTTP and to HTTP.S, Chrome is going to start flagging all non-HTTP.S pages as unsafe and throwing up big error messages sometime this summer. Once you have a certificate up and running I would also recommend talking to your web host to redirect everyone to only use HTTP/S as well.

Essentially the certificate is a document that is 'signed' by several trusted organizations in a chain, going back to a handful of extremely tightly vetted certification authorities. Each jump in the chain is encrypted with keys known only to the two endpoints. The certificate tells your browser that docsmachine.com is presenting content only from docsmachine.com, and that nobody else is impersonating the site - if someone tried, the encryption chain would not be valid at one of the steps and the math of the encryption cipher would return an invalid result. Once you have a valid certificate from trusted sources the entire browser session is encrypted so nobody can view the traffic or insert their own content.

TL;DR get your web hosting folks to get yourself a free Let's Encrypt SSL certificate and redirect all HTTP to HTTP/S.
Quote
Like
Share

Joined: September 11th, 2014, 5:40 pm

March 10th, 2018, 8:28 pm #5

I'm running the HTTPS everywhere plugin, which basically forces everything my browser sees to go in over https instead of the unecrypted stuff and i (while reading on Docsmachine itself) had no issues...

SOME TIME LATER AND AFTER A SMALL EXPERIMENT

Aaaah thats because it goes to www.docsmachine.blabla and when i manually add the Https bit i do get an error kicked up that maches what is seen by others
Quote
Like
Share