When visiting https://www.macrumors.com, Safari says the certificate is invalid.
Just a heads-up to the admins.
Just a heads-up to the admins.
Invalid SSL Certificate for MacRumors.com
- Thread starter ravenvii
- Start date
- Sort by reaction score
Probably doing work.. something like that rarely gets over looked. Not that it matters, their is absolutely no reason to need SSL on a site like this, I think people assume they need it, and sites like this, and everyone else hops on board, wasting money, and configuring the crap because the public doens't really know what it does.
Comment
Thank you! You have NO IDEA how many people go to one of my sites and email us saying " no ssl, i refuse to use your website ", and i'm talking static sites here! Ugh, I hate how uneducated the internet users are becoming with tech that doesn't involve a watch, a phone, or a tablet
haha!
Comment
Rare as it may be, even with a static site you're leaving yourself open to man-in-the-middle attacks.Thank you! You have NO IDEA how many people go to one of my sites and email us saying " no ssl, i refuse to use your website ", and i'm talking static sites here! Ugh, I hate how uneducated the internet users are becoming with tech that doesn't involve a watch, a phone, or a tablet
haha!
But for MacRumors, we're not exactly talking about static sites, are we?
Comment
MacRumors isn't static, but their is -nothing- here that would even apply to that. it's an open forum, where communication is shared openly. If it's altered, we'd know. Instant messages ( maybe ), but even then not happening, knowing the person sending, timing, etc. Those types of attacks are dated, and really don't even apply.
So as the last guy said, maybe on the login system, but no offense, i think i'd survive if someone managed to grab my username and password from mac rumors. Even then, it's a stretch, a big one.
Comment
You, maybe. That person stupid enough to use the same password for MacRumors and a banking account, not so much.
The truth of it is, SSL is already implemented here. They simply need to get a new certificate, which costs a whopping $9 a year. So why not?
Comment
The cert in place has about 30 names on it for all sorts of things; I'm not sure what happens; perhaps the hosting company messed up? Anyone can see all the sites the cert is for, use your browser and look for the 'more info' on the certificate when you come here using SSL. Someone really messed it up, and perhaps no one ever checked it because no one uses SSL with MR.
Comment
To the best of my knowledge, MacRumors doesn't use SSL on the site, so you shouldn't use https in the address bar. @arn can verify this of course.
Comment
Thank you! You have NO IDEA how many people go to one of my sites and email us saying " no ssl, i refuse to use your website ", and i'm talking static sites here! Ugh, I hate how uneducated the internet users are becoming with tech that doesn't involve a watch, a phone, or a tablet
haha!
Tell that to Apple which in iOS 9 will automatically try to perform any web traffic using https and reject http-only servers (unless the application takes specific action to allow such traffic). The safest method is to use https for everything. Much safer than deciding which sites need https and which sites don't, and getting it wrong.
Comment
@SandboxGeneral is correct. www.macrumors.com is not configured to use SSL certificates so if you try to visit the secure version of the site, you'll get that "error". you will also get that "error" if you try to visit any other site that is not configured/has SSL disabled (ex: cnn.com)
Last edited:
Comment
I am a web developer and the entire industry is shifting towards HTTPS for a number of reasons:
- It prevents man in the middle attacks, you know the website your visiting has the content that you expect. A man in the middle could inject malicious code into the webpage that captures the username and password you enter to login to the forum. They could then try to use the login details on other sites to get access to you amazon account, your itunes account etc.
- For websites to take advantage of many of the new features in browsers they will have to use HTTPS, a new technology called ServiceWorker for example insist on HTTPS. ServiceWorker is the tech that allows websites to send push notifications, store content offline on your device etc.
- Even more important, HTTP2, the faster protocol for loading content across the internet requires HTTPS so to load sites faster the website needs to use HTTPS.
There are so many other reasons to use SSL that i wont list here, but its not about jumping on the bandwagon, its something all websites need to do.
There is a big initiative at the moment to make all websites use HTTPS, and part of it is a thing called Lets encrypt https://letsencrypt.org/ which allows people to install SSL (HTTPS) on their site for free.
Comment
Perhaps you missed or misunderstood the actual discussion and its findings in this thread?
Comment
to fix this open Terminal and run:
IT's Globalisgn's fault, they explain why they ****ed it up on this pdf https://downloads.globalsign.com/ac.../-/globalsign-incident-report-13-oct-2016.pdf
Globalsign said:
IT's Globalisgn's fault, they explain why they ****ed it up on this pdf https://downloads.globalsign.com/ac.../-/globalsign-incident-report-13-oct-2016.pdf
Comment