i have read some of the threads here where questions have been raised about the wisest approach for using encryption and certificates with elgg. the conclusion is that encryption is necessary for logins as a minimum.
since, like domain names, the 'trust' industry has already been hijacked by ones i don't trust; who offer to sell certificates of trust and the browsers offer alerts that your site is not 'trusted' if you use a 'self generated' certificate.. does anyone here have any ideas i may not be aware of, of how to run a free certificate without triggering the browser 'UNSAFE SITE' warnings?
i know there are one or two groups that claim to offer free certificates.. without naming names, i attempted to begin setting up a certificate with them and one group only offered the service if you are within the usa border and the other (who i spoked to by phone) seemed highly untrustworthy themselves!
i really don't see how paying a group that you have never met to issue you with their brand of certificate is any type of guarantee of security at all. with this system in place, sites that attempt to activate encryption for free, even with encryption certificates that are of greater ability than the 'paid for' ones, will be identified as being 'threats'.. when in reality they are safer.. i am wondering if this is actually part of the plot to de-rail encryption algorithms and thus to prevent real encryption being used, while earning large amounts of cash.
info@elgg.org
Security issues should be reported to security@elgg.org!
©2014 the Elgg Foundation
Elgg is a registered trademark of Thematic Networks.
Cover image by Raül Utrera is used under Creative Commons license.
Icons by Flaticon and FontAwesome.
ok am gonna have a look!
NO WARNING! ^_^ am gonna use them too now its free and no warning v nice!
the one i am using now is 256 bit encrytion but its a trial, for 256 bit encryption i think its 6 dollars to verify your identity, looks good and is verified by a official cert , CLASS 1 PRIMARY - Intermediate server CA, sounds good lol class 1 even though its the lowest sounds like the higest lol
mine uses 128 bit which means mine has less bits than yours... so it's more whole.. less fractured.. more secure.. lol.. /jk
when i type your site name as infiniteeureka.com in chrome in goes straight to https mine does not do that how can i do that please? also i need to change ssl to startssl i just add the new cert details in my cpanel and thats it?
i have read some stuff on startssl it says you have to verify every month or something like that or maybe i read wrong?
this link gives a tutorial for using startssl: http://arstechnica.com/security/2009/12/how-to-get-set-with-a-secure-sertificate-for-free/
to route all requests to the https link i changed the configuration file for the way my site is served by my webserver - nginx. if you are using cpanel then you probably don't have server root access so you would need to do it another way - possibly via a request to the server techs.
i didn't see that.. let me know if you do see that for sure.
That's a misunderstanding. Basic validations are indeed valid for one month (email/domain ownership), however they need to be valid only at the moment of certificate generation. The certificate itself is valid for a whole year. Seriously, check the details of my cert: https://v.srokap.pl/
- Previous
- 1
- ...
- 4
- 5
- 6
- 7
- 8
- Next
You must log in to post replies.