HTTPS certificate for the site

nigelpkay

Member
I noticed recently I'm getting warnings about the HTTPS certificate on the site. i.e. trying to log in via my iPhone, Windows, or Mac, it says the site is not trusted and not secure to enter credentials. Anyone else seeing this? The cert is for audiofanzine.com which I believe covers a lot of gear-related sites.
Or is it just overzealous browser?
 

CrazyNutz

New member
nigelpkay":3hzv7vzf said:
I noticed recently I'm getting warnings about the HTTPS certificate on the site. i.e. trying to log in via my iPhone, Windows, or Mac, it says the site is not trusted and not secure to enter credentials. Anyone else seeing this? The cert is for audiofanzine.com which I believe covers a lot of gear-related sites.
Or is it just overzealous browser?

Yes the SSL certificate is invalid. I just connect via http instead of https. The problem is the latest version of most browesers are starting to default/force https.
 

nigelpkay

Member
Thanks, doesn't this mean any login credentials are sent in clear text?

I had this issue on another site on the weekend (hvac-talk.com). I registered and realized while doing it quickly it wasn't secure and within an hour I had a spam message with my password I just used in the subject header. It was unnerving until I figured it out, and luckily I use one-time junk passwords for message boards like these.
 

CrazyNutz

New member
nigelpkay":q4tk1m57 said:
Thanks, doesn't this mean any login credentials are sent in clear text?

I had this issue on another site on the weekend (hvac-talk.com). I registered and realized while doing it quickly it wasn't secure and within an hour I had a spam message with my password I just used in the subject header. It was unnerving until I figured it out, and luckily I use one-time junk passwords for message boards like these.


If you are using https, and just ignoring the warning message continuing to the site, you are still encrypted. That warning message is just saying the certificate does not match this domain, but your communications are still encrypted.

If you are using http, then your credential are probably plain text, or something easy like base64.
 

nigelpkay

Member
Thanks I figured it out, yeah this must be a recent thing but Safari on iOS doesn’t make it easy to force HTTPS. You have to physically type in https: before the rig-talk URL, then get through the dire warning and it’s not quite intuitive on how to proceed. Only seemed to have started this week but I see it on other browsers too. It’s enforcing the CN name of the certificate to be the same as the site name even though this audiofanzine cert covers a lot of sites.

It’s not just rig talk, it’s happening to me on Marshall forum, Les Paul forum when you enter your login. For many users it might not be obvious the credentials page isn’t secured because your browser doesn’t want to create the secure connection.
 

nero

Administrator
Staff member
Is it better now? I still had jobs running for converting images URLs. They must have slowed down the board...
 
Top