Not signed in (Sign In)

Vanilla 1.1.4 is a product of Lussumo. More Information: Documentation, Community Support.

    • CommentAuthorluismaie
    • CommentTimeJan 9th 2017
     
    Hello,

    I am not able to use https on the KLayout.de. I do not know how this server ist hosted, however there is a project that allows to genereate valid cetrificates for https for free. These certificates are accepted by all major bowsers.

    https://letsencrypt.org/

    If the installation would be running on Plesk this can even be installed as a module.

    As we log in with a password on the forums it would be much safer, if https would be active.

    Best,
    Luis
    • CommentAuthorMatthias
    • CommentTimeJan 10th 2017 edited
     

    Hi Luis,

    you can already use https (and should do so), but klayout.de is hosted with some basic hosting package that only comes with a self-signed certificate. You have to accept the security exception. I cannot exchange the certificate - they just offer me to buy an strong one. And not earning money means I don't have any to spend.

    klayout.org (currently used for downloads and SVN) is actually using Plesk, but I have not migrated the forum yet. Vanilla has evolved substantially and in a non-backward compatible way, so this would mean a loss of all accounts. So for now it's better to live with a security exception. I will never ask you to enter sensitive data, so I think that's a fair offer. But decide yourself.

    Another option was to move entirely to GitHub for example, but who knows how long they will stay friendly.

    Matthias

    • CommentAuthorfriendfx
    • CommentTimeJan 11th 2017
     

    Hi Matthias,

    I am also interested in using HTTPS. Could you confirm the contents of the certificate, such as the Common Name (CN) and Organisation (O) fields, as well as one of the checksums so we can be sure we're talking to the correct server?

    Thanks!

    • CommentAuthorMatthias
    • CommentTimeJan 11th 2017
     

    Hi all,

    I'm currently trying to obtain a signed certificate. But I doubt that I will be able to consistently enable Vanilla for both https and http - I need to check first, whether I can entirely switch over to https.

    But frankly, I don't think we have a fair deal here. Please note that this and every other activity here is purely on my private account and I should rather spend my nights sleeping that doing this stuff. I don't really see it makes sense. None of you both have disclosed his (or her?) identity, so what do you have to loose? You should never post private data here anyway and I'm busy enough keeping spammers away that sneak in through the open front door. And please don't tell me about "state of the art". I don't run a sensitive e-commerce site here.

    Or is it just about challenging me?

    I don't need that. Believe me.

    Matthias

    • CommentAuthorMatthias
    • CommentTimeJan 11th 2017 edited
     

    Anyway, it's https - and only https - now with a signed (but weak) certificate.