Update ssl certificate #161

Closed
amalloy opened this Issue Oct 13, 2011 · 3 comments

Comments

Projects
None yet
3 participants
@amalloy
Owner

amalloy commented Oct 13, 2011

Our certificate seems to only be good for 4clojure.com, not www.4clojure.com, so anyone going to https://www.4clojure.com gets warnings from their browser.

@dbyrne

This comment has been minimized.

Show comment Hide comment
@dbyrne

dbyrne Oct 15, 2011

Owner

@amalloy you should have access to log inr and check the certificate now, but I don't think that should be an issue. I definitely tested with www.4clojure.com when I originally set up SSL. This is the error message I am getting from Chrome:

Your connection to www.4clojure.com is encrypted with 256-bit encryption. However, this page includes other resources which are not secure. These resources can be viewed by others while in transit, and can be modified by an attacker to change the behavior of the page.

Owner

dbyrne commented Oct 15, 2011

@amalloy you should have access to log inr and check the certificate now, but I don't think that should be an issue. I definitely tested with www.4clojure.com when I originally set up SSL. This is the error message I am getting from Chrome:

Your connection to www.4clojure.com is encrypted with 256-bit encryption. However, this page includes other resources which are not secure. These resources can be viewed by others while in transit, and can be modified by an attacker to change the behavior of the page.

@amalloy

This comment has been minimized.

Show comment Hide comment
@amalloy

amalloy Oct 15, 2011

Owner

Oh, thanks. I didn't look very hard at the error it gave me, just
noticed the big old X over the https: scheme. In that case, this is
probably fallout from the multi-host-aware changes I made a while back;
I'll investigate it.

On 10/14/2011 06:27 PM, David Byrne wrote:

@amalloy you should have access to log inr and check the certificate now, but I don't think that should be an issue. I definitely tested with www.4clojure.com when I originally set up SSL. This is the error message I am getting from Chrome:

Your connection to www.4clojure.com is encrypted with 256-bit encryption. However, this page includes other resources which are not secure. These resources can be viewed by others while in transit, and can be modified by an attacker to change the behavior of the page.

Owner

amalloy commented Oct 15, 2011

Oh, thanks. I didn't look very hard at the error it gave me, just
noticed the big old X over the https: scheme. In that case, this is
probably fallout from the multi-host-aware changes I made a while back;
I'll investigate it.

On 10/14/2011 06:27 PM, David Byrne wrote:

@amalloy you should have access to log inr and check the certificate now, but I don't think that should be an issue. I definitely tested with www.4clojure.com when I originally set up SSL. This is the error message I am getting from Chrome:

Your connection to www.4clojure.com is encrypted with 256-bit encryption. However, this page includes other resources which are not secure. These resources can be viewed by others while in transit, and can be modified by an attacker to change the behavior of the page.

@ghost ghost assigned amalloy Oct 17, 2011

@tedpennings

This comment has been minimized.

Show comment Hide comment
@tedpennings

tedpennings Nov 16, 2011

It looks like the SSL errors are coming from http://static.4clojure.com

How much traffic is that? It might be cheaper to move that to AWS (and mooch off their *.s3.amazonaws.com SSL cert) than to buy and maintain another cert. Depending on the bandwidth, I might be able to cover the cost of the bucket.

It looks like the SSL errors are coming from http://static.4clojure.com

How much traffic is that? It might be cheaper to move that to AWS (and mooch off their *.s3.amazonaws.com SSL cert) than to buy and maintain another cert. Depending on the bandwidth, I might be able to cover the cost of the bucket.

@amalloy amalloy closed this Nov 22, 2011

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment