colinian Posted October 14, 2018 Report Share Posted October 14, 2018 We have set up SSL for both AwesomeDude and CodeysWorld. That means when you open either website, including stories and blogs and other internal links (but not external links), browsers like the latest version of Chrome won't complain that our sites are not secure. BTW, SSL is Secure Sockets Layer and requires an SSL Certificate for security. An SSL Certificate is a small data file that digitally binds a cryptographic key to a site's domain name. So AwesomeDude has an SSL Certificate and CodeysWorld has an SSL Certificate. Capitalization of a URL is not required, so using https://www.awesomedude.com and https://www.codeysworld.com are okay. You don't have to type https://www.etc each time; you can use a small browser addon thanks to the Electronic Frontier Foundation and the Tor Project. You can use HTTPS Everywhere, a Firefox, Tor Browser, Chrome, and Opera extension that encrypts your communications with many major websites, making your browsing more secure. It does not prevent you from going to websites that aren't set up with SSL. Go to https://www.eff.org/https-everywhere and install HTTPS EVERYWHERE by opening your browser, clicking on the https-everywhere link here, then clicking on the icon on the https-everywhere page for your browser. After installing it in Chrome you'll have to enable it; there's a link to do so that will be displayed at the top of your Chrome page. Some browsers will be including this feature automatically. Colin Link to comment
Bruin Fisher Posted October 15, 2018 Report Share Posted October 15, 2018 Well, firstly, I'm sure I speak for the community when I say thank you to the team for the hard work that has resulted in this upgrade. Secondly, can someone explain it in a bit more detail for me? I understand that a webpage with an address that begins https:// instead of http:// is a webpage that is in some manner more secure, there's some assurance that the site must be what it claims to be, and communication between the server and the client (me) is encrypted, which should ensure that no nasty spooks have intercepted (and possibly changed) the data before it arrives on my screen. But I thought that all happened automatically in a modern browser, so why do I need to install https-everywhere? What does that do? Bruin, a bear of very little brain... Link to comment
colinian Posted October 16, 2018 Author Report Share Posted October 16, 2018 There's a good explanation of HTTPS Everywhere on the Symantec website: https://www.websecurity.symantec.com/security-topics/https-everywhere Colin Link to comment
Bruin Fisher Posted October 17, 2018 Report Share Posted October 17, 2018 Thank you Colin. I checked out the piece on the Symantec site, thanks for the link. Am at least slightly less confused now... ? Link to comment
colinian Posted October 19, 2018 Author Report Share Posted October 19, 2018 Thanks Bruin. We'll try to keep everyone informed, but with something this complex — and only partially implemented across sites — it's tough to keep up. The Symantec explantation is the best available for now. BTW, there are annoyances using HTMLS Everywhere with some browsers, Chrome in particular. Colin Link to comment
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now