Server Help

Mine GO BOOM · Posted: Wed Jun 13, 2007 12:18 pm *Post maybe stupid* Post subject: Https

Since I have access to a couple of IPs now, I setup the forums to be one. Since I'm lazy and don't always like to type in the full url to get to the secure site, I setup a couple of features to better promote the use of the secure version of the forums.

If you have not read about the certificate used on the forums, check out this announcement post for more information and why it pops up a message box.

The first thing you'd notice is that the Login link now has an (SSL) tacked onto the end. This allows you to hit the secure login page up front, so your password is sent encrypted. A good security option, and mostly done for my laziness.

If you are logged in, go edit your profile. At the bottom of all the Yes/No questions is a new option, Always connect via HTTPS. If you select yes, anytime you log into the forums, it will change you over to the secure site. Anytime you visit the forums and you are not connected via SSL, it will make all the forum generated links point you to it. Roughly, it will try and force you to use SSL as much as possible. Good for those that have bookmarks or links from other sources, but wants to use HTTPS without doing any work. Again, done for my laziness.

And then the final touch, so the links that are in posts don't bother HTTPS and non HTTPS using people, all links in posts that link inside the forums are aware of your current settings. If someone posts an HTTPS link to another thread and you are using just normal HTTP, the forums will downgrade them. If you have HTTPS always-on, or just happen to be using HTTPS by choice for just that session, all non-HTTPS links are upgraded. Thus, the HTTP/HTTPS worlds won't collide and cause the untrusted certificate authority window to popup randomly to users of the forums.

BDwinsAlt · Posted: Wed Jun 13, 2007 12:58 pm *Post maybe stupid* Post subject:

Testing. I like this.

Cyan~Fire · Posted: Wed Jun 13, 2007 2:17 pm *Post maybe stupid* Post subject:

"MGB Certificate Authority"... I like it.

_________________
This help is informational only. No representation is made or warranty given as to its content. User assumes all risk of use. Cyan~Fire assumes no responsibility for any loss or delay resulting from such use.
Wise men STILL seek Him.

Cyan~Fire · Posted: Wed Jun 13, 2007 6:03 pm *Post maybe stupid* Post subject:

Hmm, so do SSL sites always refresh when you hit the back button instead of loading from cache? If so, can you make it so that the site goes out of SSL mode after you login via SSL? (I have "always use HTTPS" unchecked in my profile.)

BDwinsAlt · Posted: Wed Jun 13, 2007 6:08 pm *Post maybe stupid* Post subject:

Works fine for me on Firefox.

Mine GO BOOM · Posted: Wed Jun 13, 2007 7:17 pm *Post maybe stupid* Post subject:

Cancer+ · Posted: Thu Jun 14, 2007 1:36 pm *Post maybe stupid* Post subject:

How come when I log in SSL or have the "always use https" box checked, at the top of IE7, it says "Certificate Error" ?

Mine GO BOOM · Posted: Thu Jun 14, 2007 4:46 pm *Post maybe stupid* Post subject: