Author Topic: https://geekhack.org -- limited SSL support deployed (Read 12360 times)

mkawa · « **on:** Fri, 14 November 2014, 19:12:22 »

folks,

we've rolled out limited support for ssl on geekhack. https://geekhack.org will bring you to the TLS enabled version of the site, that encrypts and authenticates your password between our servers and your machine. in particular, you will need to tell your browser that it is ok to load _mixed content_ on geekhack.org

Quote

in google chrome:

on the right side of the location text field, there will be a shield icon. click the shield icon and then "load insecure content"

i will add instructions as people report issues.

byker · « **Reply #1 on:** Fri, 14 November 2014, 19:29:16 »

I have done that, but it automatically switches back to regular http after I load a different page on gh, for example when I click to write a reply.

Coreda · « **Reply #2 on:** Fri, 14 November 2014, 19:48:04 »

Good stuff! Problem is allowing the mixed content only works per-page or seems to be a temporary setting (at least in Firefox), and otherwise the GH stylesheet breaks completely :/

Also found that currently adding 'www' returns a 403 error page.

Quote from: byker on Fri, 14 November 2014, 19:29:16

I have done that, but it automatically switches back to regular http after I load a different page on gh, for example when I click to write a reply.

This too.

mkawa · « **Reply #3 on:** Fri, 14 November 2014, 20:14:40 »

this may be fixed.

iMav · « **Reply #4 on:** Fri, 14 November 2014, 20:22:19 »

I think it works pretty darned good now.

inanis · « **Reply #5 on:** Fri, 14 November 2014, 20:23:09 »

Yah for HTTPS!

Maybe it is just me, but your root cert doesn't appear to be trusted by all browsers. I see it just fine in IE and Chrome, but Firefox and Chrome on my phone both say the cert is untrusted and shows no chain.

iMav · « **Reply #6 on:** Fri, 14 November 2014, 20:39:25 »

Chrome and Safari on OS X seem happy with the cert. IE and Chrome on Windows don't complain. iPhone trusts the cert as well.

The SSL cert was donated...so I didn't choose the certificate authority.

mkawa · « **Reply #7 on:** Fri, 14 November 2014, 20:44:42 »

CAs on phone distributions are always a PITA. your phone's android distribution could be > a year old depending on your carrier, manufacturer, etc. etc. etc.

just push on through

Coreda · « **Reply #8 on:** Fri, 14 November 2014, 21:12:01 »

It works now - nice fix, mk.

mkawa · « **Reply #9 on:** Fri, 14 November 2014, 21:14:57 »

all imav

inanis · « **Reply #10 on:** Fri, 14 November 2014, 21:18:03 »

Totally understand - free is good!

If it helps at all, I think the issue I was seeing isn't the root, but part of the chain. Specifically the COMODO RSA Domain Validation Secure Server CA certificate. Sometimes this can happen if the full chain isn't installed, or, and perhaps more likely, it could just be that my browser isn't having it. Either way, I appreciate the HTTPS so I'm not going to complain.

Thanks!

strict · « **Reply #11 on:** Fri, 14 November 2014, 21:46:06 »

Appreciate the effort to move us to SSL/TLS!

I did notice that ever since the upgrade my tapatalk hasn't been working. I thought maybe I needed to log out and back in but I haven't been able to sign back in after logging out.

Edit - Looks like we're also missing the intermediate certs - https://www.sslshopper.com/ssl-checker.html#hostname=https://geekhack.org

byker · « **Reply #12 on:** Fri, 14 November 2014, 22:23:24 »

Working now imav!

CommonCurt · « **Reply #13 on:** Fri, 14 November 2014, 22:58:25 »

Quote from: strict on Fri, 14 November 2014, 21:46:06

Edit - Looks like we're also missing the intermediate certs - https://www.sslshopper.com/ssl-checker.html#hostname=https://geekhack.org

Yep, my mobile browser is giving me **** about the certs.

jdcarpe · « **Reply #14 on:** Fri, 14 November 2014, 23:00:47 »

Firefox on Xubuntu complains about the certs.

user 18 · « **Reply #15 on:** Sat, 15 November 2014, 00:09:45 »

Chrome on Linux Mint and on Crunchbang Linux accepts the certificate. Tapatalk isn't working for me either on stock Android 4.4.4 anymore, and chrome for android also doesn't like the cert here.

iMav · « **Reply #16 on:** Sat, 15 November 2014, 01:10:03 »

How does it look now?

CPTBadAss · « **Reply #17 on:** Sat, 15 November 2014, 01:18:45 »

Tapatalk isn't working.

user 18 · « **Reply #18 on:** Sat, 15 November 2014, 01:20:01 »

Chrome on android is happy now, it seems

iMav · « **Reply #19 on:** Sat, 15 November 2014, 01:21:55 »

Quote from: user 18 on Sat, 15 November 2014, 01:20:01

Chrome on android is happy now, it seems

Ok, cool. Looking into Tapatalk right now.

iMav · « **Reply #20 on:** Sat, 15 November 2014, 01:27:45 »

Tapatalk works fine. Just need to delete and re-add the forum.

(Posting this from Tapatalk)

CPTBadAss · « **Reply #21 on:** Sat, 15 November 2014, 08:32:31 »

Got it working now after deleting and re-adding the forum. Thanks imav!

strict · « **Reply #22 on:** Sat, 15 November 2014, 09:01:29 »

Quote from: iMav on Sat, 15 November 2014, 01:10:03

How does it look now?

Everything looks good here (intermediate cert and tapatalk). Thanks for your work!

Tiramisuu · « **Reply #23 on:** Sat, 15 November 2014, 10:51:25 »

kudos.

user 18 · « **Reply #24 on:** Sat, 15 November 2014, 12:18:55 »

Working now, thanks

SpAmRaY · « **Reply #25 on:** Sat, 15 November 2014, 14:19:41 »

Tapatalk isn't working for me.

mkawa · « **Reply #26 on:** Sat, 15 November 2014, 14:25:47 »

have you tried deleting the forum and adding it again?

also, what version of tapatalk?

SpAmRaY · « **Reply #27 on:** Sat, 15 November 2014, 14:57:35 »

Quote from: mkawa on Sat, 15 November 2014, 14:25:47

have you tried deleting the forum and adding it again?

also, what version of tapatalk?

That worked. 4.9.5

geniekid · « **Reply #28 on:** Sat, 15 November 2014, 15:44:13 »

Yay! This is probably one of the most important things to happen to this site that almost none of the users will care about

swill · « **Reply #29 on:** Sat, 15 November 2014, 23:13:42 »

Quote from: SpAmRaY on Sat, 15 November 2014, 14:19:41

Tapatalk isn't working for me.

Tapatalk is no longer working for me either. I suspect it has something to do with the SSL roll out, but I do not know that for sure.

swill · « **Reply #30 on:** Sat, 15 November 2014, 23:16:34 »

Quote from: SpAmRaY on Sat, 15 November 2014, 14:57:35

Quote from: mkawa on Sat, 15 November 2014, 14:25:47
have you tried deleting the forum and adding it again?

also, what version of tapatalk?

That worked. 4.9.5

Woops, I should have read this before I posted... I just removed and re-added Geekhack and it is working again. Thanks...

Coreda · « **Reply #31 on:** Mon, 17 November 2014, 01:21:32 »

So, I'm not sure if it's the move to SSL or just something on my end, but I've been noticing that after signing in via the top-left fields while viewing a thread it redirects me to a different thread, rather than the one I was on. In one case it opened a thread I had in another tab. Weird.

mkawa · « **Reply #32 on:** Mon, 17 November 2014, 19:41:40 »

i suspect i know what's going on with that, but if it's benign, i think we're better of leaving that one alone.

rowdy · « **Reply #33 on:** Mon, 17 November 2014, 21:34:21 »

I'm not sure if it is related to SSL, but I only started noticing this at home and work since SSL has been in place.

When I load a thread with unread topics, the text on the page seems to load fairly quickly, but then there is a long pause before the "unread" icon appears next to the unread threads. This is a bit distracting as I click those icons to visit the first new post in each of the relevant threads.

News:

Author Topic: https://geekhack.org -- limited SSL support deployed (Read 12360 times)