Invalid SSL Certificate for MacRumors.com

yillbs

macrumors 6502
Oct 2, 2015
381
157
Texas
Probably doing work.. something like that rarely gets over looked. Not that it matters, their is absolutely no reason to need SSL on a site like this, I think people assume they need it, and sites like this, and everyone else hops on board, wasting money, and configuring the crap because the public doens't really know what it does.
 

yillbs

macrumors 6502
Oct 2, 2015
381
157
Texas
Exactly. *Maybe* the login box should use it. Maybe. Anything else, who cares.
Thank you! You have NO IDEA how many people go to one of my sites and email us saying " no ssl, i refuse to use your website ", and i'm talking static sites here! Ugh, I hate how uneducated the internet users are becoming with tech that doesn't involve a watch, a phone, or a tablet :p

haha!
 

ravenvii

macrumors 604
Original poster
Mar 17, 2004
7,582
490
Melenkurion Skyweir
Thank you! You have NO IDEA how many people go to one of my sites and email us saying " no ssl, i refuse to use your website ", and i'm talking static sites here! Ugh, I hate how uneducated the internet users are becoming with tech that doesn't involve a watch, a phone, or a tablet :p

haha!
Rare as it may be, even with a static site you're leaving yourself open to man-in-the-middle attacks.

But for MacRumors, we're not exactly talking about static sites, are we?
 

yillbs

macrumors 6502
Oct 2, 2015
381
157
Texas
Rare as it may be, even with a static site you're leaving yourself open to man-in-the-middle attacks.

But for MacRumors, we're not exactly talking about static sites, are we?
MacRumors isn't static, but their is -nothing- here that would even apply to that. it's an open forum, where communication is shared openly. If it's altered, we'd know. Instant messages ( maybe ), but even then not happening, knowing the person sending, timing, etc. Those types of attacks are dated, and really don't even apply.

So as the last guy said, maybe on the login system, but no offense, i think i'd survive if someone managed to grab my username and password from mac rumors. Even then, it's a stretch, a big one.
 

ravenvii

macrumors 604
Original poster
Mar 17, 2004
7,582
490
Melenkurion Skyweir
MacRumors isn't static, but their is -nothing- here that would even apply to that. it's an open forum, where communication is shared openly. If it's altered, we'd know. Instant messages ( maybe ), but even then not happening, knowing the person sending, timing, etc. Those types of attacks are dated, and really don't even apply.

So as the last guy said, maybe on the login system, but no offense, i think i'd survive if someone managed to grab my username and password from mac rumors. Even then, it's a stretch, a big one.
You, maybe. That person stupid enough to use the same password for MacRumors and a banking account, not so much.

The truth of it is, SSL is already implemented here. They simply need to get a new certificate, which costs a whopping $9 a year. So why not?
 

leesweet

macrumors demi-god
Feb 1, 2009
1,054
247
Northern Virginia, USA
The cert in place has about 30 names on it for all sorts of things; I'm not sure what happens; perhaps the hosting company messed up? Anyone can see all the sites the cert is for, use your browser and look for the 'more info' on the certificate when you come here using SSL. Someone really messed it up, and perhaps no one ever checked it because no one uses SSL with MR. :)
 

gnasher729

Suspended
Nov 25, 2005
16,996
3,932
Thank you! You have NO IDEA how many people go to one of my sites and email us saying " no ssl, i refuse to use your website ", and i'm talking static sites here! Ugh, I hate how uneducated the internet users are becoming with tech that doesn't involve a watch, a phone, or a tablet :p

haha!
Tell that to Apple which in iOS 9 will automatically try to perform any web traffic using https and reject http-only servers (unless the application takes specific action to allow such traffic). The safest method is to use https for everything. Much safer than deciding which sites need https and which sites don't, and getting it wrong.
 

29er

macrumors member
Jan 28, 2013
53
1
@SandboxGeneral is correct. www.macrumors.com is not configured to use SSL certificates so if you try to visit the secure version of the site, you'll get that "error". you will also get that "error" if you try to visit any other site that is not configured/has SSL disabled (ex: cnn.com)
 
Last edited:

jonthanfielding

macrumors newbie
Oct 21, 2015
1
0
Probably doing work.. something like that rarely gets over looked. Not that it matters, their is absolutely no reason to need SSL on a site like this, I think people assume they need it, and sites like this, and everyone else hops on board, wasting money, and configuring the crap because the public doens't really know what it does.
I am a web developer and the entire industry is shifting towards HTTPS for a number of reasons:

  • It prevents man in the middle attacks, you know the website your visiting has the content that you expect. A man in the middle could inject malicious code into the webpage that captures the username and password you enter to login to the forum. They could then try to use the login details on other sites to get access to you amazon account, your itunes account etc.
  • For websites to take advantage of many of the new features in browsers they will have to use HTTPS, a new technology called ServiceWorker for example insist on HTTPS. ServiceWorker is the tech that allows websites to send push notifications, store content offline on your device etc.
  • Even more important, HTTP2, the faster protocol for loading content across the internet requires HTTPS so to load sites faster the website needs to use HTTPS.

There are so many other reasons to use SSL that i wont list here, but its not about jumping on the bandwagon, its something all websites need to do.

There is a big initiative at the moment to make all websites use HTTPS, and part of it is a thing called Lets encrypt https://letsencrypt.org/ which allows people to install SSL (HTTPS) on their site for free.
 

lordcris

macrumors newbie
Sep 29, 2015
2
6
Pretty pathetic for a site with millions visitors per month to not have a valid SSL certificate.
 

C DM

macrumors Sandy Bridge
Oct 17, 2011
48,840
17,489
Pretty pathetic for a site with millions visitors per month to not have a valid SSL certificate.
Perhaps you missed or misunderstood the actual discussion and its findings in this thread?
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.