Https

Losbot · Post by **Losbot** » Mon Apr 20, 2015 4:49 pm

What are the odds of having this board incorporate an SSL key?
Be nice to know that the network gods are not reading the traffic. Well, at least not easily.

I'd be willing to chip in toward the SSL certificate.

wvjohn · Post by **wvjohn** » Mon Apr 20, 2015 5:05 pm

If you ultra techs think it's a good idea, I'd be happy to throw some $$ in the hat.

Err · Post by **Err** » Mon Apr 20, 2015 5:42 pm

Count me in.

GuardianAsher · Post by **GuardianAsher** » Mon Apr 20, 2015 5:55 pm

I'll be happy to contribute.

Post by **FlyingPenguin** » Mon Apr 20, 2015 7:23 pm

I considered it at one time, only because Google is going to lower search rankings in the near future for non-SSL sites, and I like to have any technical discussions we have available for public search. But honestly that's the only real reason that matters to me.

Most of this forum is public. As for the private areas, I couldn't care less if the NSA is is looking over my shoulders when I'm looking at pretty girls.

I can ask the host how hard/easy it would be to implement SSL. Not sure if it's included in our plan.

BTW: No guarantee the "networks gods" would be prevented from seeing everything here even with SSL. Most web hosts distribute backups between data centers. No guarantee our host encrypts those backups, and they can be intercepted in route.

Losbot · Post by **Losbot** » Mon Apr 20, 2015 10:26 pm

True but it'll thwart most nosy network admins or ISPs.

Post by **FlyingPenguin** » Sun Apr 26, 2015 8:21 am

I have looked into this. The cert is $15 a year which is no skin off my back.

I have researched on vBB forums and there are a few things that will need to be adjusted in the forum software. Mainly the default URL for the site and I have to edit the .HTACCESS file to force HTTPS on the whole website. Possibly I may have to adjust some explicit folder paths to point to HTTPS although forcing the whole site via .HTACCESS should negate that.

None of this sounds too scary, but I want to make sure I don't break anything. Want to do this after a website backup, and during a day when I have nothing going on.

Losbot · Post by **Losbot** » Sun Apr 26, 2015 7:03 pm

I'm willing to kick in $15 to help cover an additional year. I think the max you can get is either 5 or 3 yrs. Having done this in the past, it's better to just buy the maximum number of years so you don't have to deal with the aggravation of the browser complaining of an expire cert every single year.

Seriously, just tell me where or how to send you the $15 for an extra year.

Post by **FlyingPenguin** » Sun Apr 26, 2015 9:40 pm

I think I remember reading recently that 4 & 5 year certs were being discontinued at the end of 2015, so I'm guessing the max would be 3 years.

I'll ask their support people.

Losbot · Post by **Losbot** » Sun Apr 26, 2015 10:02 pm

So let me know. I'm in.

wvjohn · Post by **wvjohn** » Mon Apr 27, 2015 7:16 am

I'm in as well. LMK

Post by **FlyingPenguin** » Thu May 14, 2015 3:38 pm

FOLLOW UP:

I am getting ready to implement this. It seems that if I force SSL on the entire domain via the .htaccess file, this should be a smooth transition with no problems. If something does go awry, I can disable forced SSL while I tinker. Needless to say I will backup the site first (which I do every month anyway).

I will let everyone know when it's about to happen, and remind everyone about the backup BBS if something gets broken.

wvjohn · Post by **wvjohn** » Thu May 14, 2015 3:56 pm

you the #1 techster !

Losbot · Post by **Losbot** » Thu May 14, 2015 5:31 pm

Thanks Bob!! You rock!

Post by **FlyingPenguin** » Thu May 14, 2015 6:04 pm

IT IS DONE!

HTTPS is being forced on the entire site.

Nothing seems to be broken, although you will probably have to login the next time you come to the BBS.