Site Help → Did the SSL cert for the site change?

Have been using »secure.dslreports.com and noticed recently a cert error. Tried going to »dslreports.com and got a new certificate shown above. Is this expected?

yes,
and the https site is www now not "secure".

I came to this forum to post this exact thing after just noticing it.

So you're saying we just navigate to https://www.dslreports.com instead of https://secure.dslreports.com from now on?

I shall edit my bookmark in that case.

secure redirects now.
but yes.

yup ok good stuff

Mine doesn't redirect like with »Security URL.

Also, shouldn't »broadbandreports.com work too?

do you have https anywhere or something?
Redirect is working. Or just change your bookmarks.

broadbandreports redirects to dslreports.com there was never a secure.broadbandreports.com SSL certificate.

Uh, no. »AT&T DSL doesn't redirect to »AT&T DSL automatically.

Bonus points if everything redirects to https so that things are always over SSL. Any chance this is can happen / is it in the roadmap?

well it seems I have a chicken and egg problem.

yes it does redirect, but it won't, because in order to get the redirect you have to pass through the incorrect certificate.. So I'll ponder this for a bit.

I've changed the IP of secure.dslreports.com, and it serves the old certificate.

then it redirects.

At some point, that would be the final destination, however I'm not going to rush into it for reasons of google and performance tuning of https.

Thanks.

Also, e-mail notifications still show insecured http links. Maybe fix that too.

email notifications have always shown http by default.

I don't actually want the site to push everyone to https at least at the moment so I'll leave default URLS as they appear. The canonical URL for every page, is the non https one.

There's another idea I have seen. How about an option to let logged in users always use SSL in their (DSL/B)R accounts?

Aw..geez...you mean that eventually I will be forced to mess with the Proxomitron and add ability to it to filter SSL sites also? I really don't want to have to do that! Currently, I avoid sites that puff themselves up with some notion of false security and privacy making themselves ssl only. That is needed ONLY on banking sites and ones like if you are filing your taxes online (which I don't do) or on a page where you must enter credit card information. But a site that is mostly forums? Why in the world would a site like this need wall to wall encryption? That's nuts IMO.

Talk to google.
They are going making it a google index ranking signal.

»googlewebmastercentral.b ··· nal.html

Thanks for the link. That helps me understand why you will eventually have to do it.

I still think it is smoke and mirrors and Google must have some ulterior motive for pushing this because https everywhere extension, etc. does NOT make everyone safe! It's misleading. Maybe they are so gung ho about it because it will hurt IE. Microsoft encrypts their pages now and that results in IE 10 on Windows 8 constantly complaining about blocking insecure portions of Microsoft's pages.

All Microsoft pages on IE 10 show broken for encryption. You can't get rid of the complaint as it comes right back. (Other browsers refused just now to download .NET patches so I had to resort to IE 10 and it was so distracting getting constant warnings about encryption that was not done correctly). Since Microsoft can't get it right on their own pages for their own browser maybe Google thinks that will result in more people using Chrome. What it makes me think is that I dread this unnecessary trend which doesn't make me feel the slightest bit more "secure" or "private".

i think they are still annoyed that the nsa listened into their data center traffic and believe https by default is something to work towards because it makes that kind of data vacuuming harder to do.

I think you probably hit the nail on the head...much more so than my thoughts. I should have thought of that myself.

said by justin :

---

i think they are still annoyed that the nsa listened into their data center traffic and believe https by default is something to work towards because it makes that kind of data vacuuming harder to do.

---

Yea but they dont even I dont think understand this does NOTHING if the ones they are cooperating with are behind this!!!! (They may want everyone thinking they are secure when they are not)

SSL is mainly only needed for banking sites,etc Like MELE said..... Its not good to force SSL on a site like yours Justin.... What good does it do mate??

Nothing really secure here......... SSL can cause more problems than not....

Unsecure logins can be captured, and used by others. Most major services force, or at least offer a secure login now.
»www.buzzfeed.com/justine ··· llzY9YDo

For those who use public wifi secure connections, and vpn are your friends.

Ya I suppose that can be true ON ANY SITE......... (Banking or not)

Yep, and the frequency with which people re-use credentials on multiple sites means you sniff one account password & you've (potentially) got them all.

Huh? This site already has secure login. (Besides why should there be an obligation to make many of us responsible users miserable just so that IRRESPONSIBLE users are SUPPOSEDLY "protected")?

This isn't about a secure login page anyway. This is about the ENTIRE SITE being encrypted because Google wants it and has the power to force it if this site wants to keep its well earned and deserved rankings.

None of you have ever had a single problem with fully encrypted sites? I have had many problems and as a result I avoid sites that do this...this site would be my only exception.

What's wrong here is that all of us have allowed Google to amass too much power. Now Google is calling in some chips and we all will suffer even the ignorant of computers user (for whom Google claims they are doing this).

Besides it is all smoke and mirrors and a gigantic joke on the users since very few users have ever tried to even superficially understand the cert system. Until that gigantic mess is cleaned up (probably never judging by the progress to this point) "secure" websites is a big fat farce. (I personally know the owners of Godaddy as they love Hilo...so at least one bright spot here is that Justin got away from them).

I agree.... There is no reason for it..... GOOGLE isnt the only RIGHT ONE out here on the internet!!!

I think its nice Justin allows us members to decide if we wanna use HTTPS or not here........(Most sites do)
 

The only kind of a site I would not like using HTTP on is an email site as those packets are quite easy to sniff!! (And I am on 1 in fact... I dont use it for anything really important just in case)