Hi,
This forum does not handle requests over https.
If you are accepting user credentials (username/password), or using token based authentication for session (cookies), you should be encrypt the transport layer.
This is done for the protection of your users, passive capture of authentication tokens would lead to complete account compromise.
Could i request this feature of the forum?
Thank you
agree
+1
I am doing this right now… been putting off and off as not had the time to sort this out but this is the goal of the day 
Hopefully we will have ssl for the forum in a few hours
Fuzzybear
[quote=“FuzzyBear, post:5, topic:1229”]I am doing this right now… been putting off and off as not had the time to sort this out but this is the goal of the day Hopefully we will have ssl for the forum in a few hours
Fuzzybear[/quote]
Sweet!
[quote=“FuzzyBear, post:5, topic:1229”]I am doing this right now… been putting off and off as not had the time to sort this out but this is the goal of the day Hopefully we will have ssl for the forum in a few hours
Fuzzybear[/quote]
Great news. HTTPS is really important. At least this is just a forum though. The NXT exchange dgex.com doesn’t have HTTPS. That is really troubling.
grrr apparently cos the domain has “coin” in it I have to pay for lvl 2 validation as it is viewed as commercial or financial site. I am arguing my case… failing that i’ll have to send some docs to them but might be a week or so 
Fuzzybear
sigh well a row over the clasification of bitcoin being a currency 
and looks like i need $59.90 to get class 2 clearance… least this will give us as many certs as wanted and wildcards… trying to sort out my photo ids… will update when I have more info
Fuzzybear
Hi FuzzyBear,
Thanks for looking into this.
If you can start cutting certificates for any domain you own that is worth it. It will allow you to spin off other projects under this name, or have different certificates for subprojects.
[quote=“FuzzyBear, post:9, topic:1229”]sigh well a row over the clasification of bitcoin being a currency and looks like i need $59.90 to get class 2 clearance… least this will give us as many certs as wanted and wildcards… trying to sort out my photo ids… will update when I have more info
Fuzzybear[/quote]
I am happy to chip in $10 for this. How’s the application coming along?
[quote=“kitten, post:11, topic:1229”][quote=“FuzzyBear, post:9, topic:1229”]sigh well a row over the clasification of bitcoin being a currency and looks like i need $59.90 to get class 2 clearance… least this will give us as many certs as wanted and wildcards… trying to sort out my photo ids… will update when I have more info
Fuzzybear[/quote]
I am happy to chip in $10 for this. How’s the application coming along?[/quote]
Many thanks for the offer, and prompting me to get back on this. I am updating my drivers license so they have photo id with correct address, then I have all I need and should be able to get ssl sorted.
With a bit of luck should be done in a few weeks. Sorry for delay and thank you for your patients.
Fuzzybear
Sent from my HTC Desire using Tapatalk 2
Oops sorry, accidentally used crappy AUD for the conversion without thinking… anyway, 10 mBTC sent.
Is there any technical reason for the delay, or just generally busy? I bought an SSL cert from http://www.positivessl.com/ once and it happened nearly instantly. Edit: i.e. no messing around with photo ID, etc. maybe rapidssl is the same? not sure…
For the first step, can we set up a self-signed certificate to use in the meantime?
Just registered d/peercointalk for when the namecoin folks get TLS integration smoothed out.
[quote=“kitten, post:13, topic:1229”]Oops sorry, accidentally used crappy AUD for the conversion without thinking… anyway, 10 mBTC sent.
Is there any technical reason for the delay, or just generally busy? I bought an SSL cert from http://www.positivessl.com/ once and it happened nearly instantly. Edit: i.e. no messing around with photo ID, etc. maybe rapidssl is the same? not sure…
For the first step, can we set up a self-signed certificate to use in the meantime?[/quote]
Hey kitten,
Many thanks for the donation
The SSL was going great till they refused to let me SSL a site that had “coin” in the URL as they classed it as finance Hence the need for photo id… this is in the post and once verified everything should be pretty quick smooth and cheap and we can have wildcard SSL and few other things for the price…
can you explain what I would need to do to set up a self signed cert? and i’ll have a go at it
Fuzzybear
[quote=“FuzzyBear, post:15, topic:1229”]Hey kitten,
Many thanks for the donation
The SSL was going great till they refused to let me SSL a site that had “coin” in the URL as they classed it as finance Hence the need for photo id… this is in the post and once verified everything should be pretty quick smooth and cheap and we can have wildcard SSL and few other things for the price…
can you explain what I would need to do to set up a self signed cert? and i’ll have a go at it
Fuzzybear[/quote]
Was this with startssl by any chance? They got me on the “coin” thing too with one of my domains
The guys you’re buying the certificate off will have some instructions on how to generate a Certificate Signing Request (CSR) for them. Part of that process will be creating the server key – so it’s something you’ll have to do anyway, eventually.
Here’s a link explaining the the whole process:
http://www.akadia.com/services/ssh_test_certificate.html
The key line for self-signing is:
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crtThis command takes in a certificate request (server.csr) and a private key (server.key) and outputs it to the certificate (server.crt).
Also read http://www.iis.net/learn/manage/configuring-security/how-to-set-up-ssl-on-iis
[quote=“kitten, post:16, topic:1229”][quote=“FuzzyBear, post:15, topic:1229”]Hey kitten,
Many thanks for the donation
The SSL was going great till they refused to let me SSL a site that had “coin” in the URL as they classed it as finance Hence the need for photo id… this is in the post and once verified everything should be pretty quick smooth and cheap and we can have wildcard SSL and few other things for the price…
can you explain what I would need to do to set up a self signed cert? and i’ll have a go at it
Fuzzybear[/quote]
Was this with startssl by any chance? They got me on the “coin” thing too with one of my domains
The guys you’re buying the certificate off will have some instructions on how to generate a Certificate Signing Request (CSR) for them. Part of that process will be creating the server key – so it’s something you’ll have to do anyway, eventually.
Here’s a link explaining the the whole process:
http://www.akadia.com/services/ssh_test_certificate.html
The key line for self-signing is:
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crtThis command takes in a certificate request (server.csr) and a private key (server.key) and outputs it to the certificate (server.crt).
Also read http://www.iis.net/learn/manage/configuring-security/how-to-set-up-ssl-on-iis[/quote]
Awesome kitten I know what I will be doing tonight
Oh and yes it was through startssl
Fuzzybear
Hey Fuzzybear, how did you go with this?
I’m available to help out if you want (e.g. over IRC)
Edit: I’ll actually be away most of this week, but we can sort out a time for it if you want, just post here or PM.
bump
Hey kitten,
Thank you for keeping on at me about this… I have now self signed a certificate on the server so you will get a wrong site and unknown user alert, but this should be good enough for you all to access via https now. Do I need to clarify the certificate hash or anything or is this good enough till the proper https is sorted?
give it a try
Fuzzybear