Page 1 of 1
HTTPS
Posted: Wed May 02, 2018 7:59 pm
by ZS-SAS
We seem to have lost the Hyper Text Transfer Protocol Secure rating on here.
The certificate is outdated by the looks of it...How come? Should I be concerned? lol
Re: HTTPS
Posted: Wed May 02, 2018 8:48 pm
by J-banks
Mods are actually lizard squad and are going to hack your toasters via your email and username.
Re: HTTPS
Posted: Wed May 02, 2018 9:04 pm
by ZS-SAS
we've had a large absence of dad fucking recently
Re: HTTPS
Posted: Thu May 03, 2018 1:42 am
by VerifiedVendorsList
Just removed a comment on here as it was spreading unnecessary FUD and was partially untrue.
To answer the question, there is nothing to be concerned about. The SSL certificate we were using was perfectly adequate for our purpose and size but runs in 90 day cycles. This should have been automated and evidently has expired. The site has not in anyway been breached and this will be re-instated ASAP.
For the record, the SSL certificate issuer we use is the largest certificate issuer of websites, is backed by leading companies such as Mozilla and uses RSA 2048-bit encryption so it's completely absurd to suggest a paid SSL cert is required for better security.
It's also worth mentioning that simply having a SSL certificate does not fully secure a site. It ensures encrypted communications with the authentic site but regardless 95% of SSL servers are still vulnerable to MiTM attacks.
Apologies for any inconvenience this may have caused and the delayed response - should be sorted soon.
Re: HTTPS
Posted: Thu May 03, 2018 6:34 pm
by Runin28
VerifiedVendorsList wrote: ↑Thu May 03, 2018 1:42 am
Just removed a comment on here as it was spreading unnecessary FUD and was partially untrue.
To answer the question, there is nothing to be concerned about. The SSL certificate we were using was perfectly adequate for our purpose and size but runs in 90 day cycles. This should have been automated and evidently has expired. The site has not in anyway been breached and this will be re-instated ASAP.
For the record, the SSL certificate issuer we use is the largest certificate issuer of websites, is backed by leading companies such as Mozilla and uses RSA 2048-bit encryption so it's completely absurd to suggest a paid SSL cert is required for better security.
It's also worth mentioning that simply having a SSL certificate does not fully secure a site. It ensures encrypted communications with the authentic site but regardless 95% of SSL servers are still vulnerable to MiTM attacks.
Apologies for any inconvenience this may have caused and the delayed response - should be sorted soon.
Sorry, didn't mean to tell you how to run your site. Not going to argue.