https for server

edited January 2017 in General

I am not able to use https on the I do not know how this server ist hosted, however there is a project that allows to genereate valid cetrificates for https for free. These certificates are accepted by all major bowsers.

If the installation would be running on Plesk this can even be installed as a module.

As we log in with a password on the forums it would be much safer, if https would be active.



  • edited January 2017

    Hi Luis,

    you can already use https (and should do so), but is hosted with some basic hosting package that only comes with a self-signed certificate. You have to accept the security exception. I cannot exchange the certificate - they just offer me to buy an strong one. And not earning money means I don't have any to spend. (currently used for downloads and SVN) is actually using Plesk, but I have not migrated the forum yet. Vanilla has evolved substantially and in a non-backward compatible way, so this would mean a loss of all accounts. So for now it's better to live with a security exception. I will never ask you to enter sensitive data, so I think that's a fair offer. But decide yourself.

    Another option was to move entirely to GitHub for example, but who knows how long they will stay friendly.


  • edited November -1

    Hi Matthias,

    I am also interested in using HTTPS. Could you confirm the contents of the certificate, such as the Common Name (CN) and Organisation (O) fields, as well as one of the checksums so we can be sure we're talking to the correct server?


  • edited November -1

    Hi all,

    I'm currently trying to obtain a signed certificate. But I doubt that I will be able to consistently enable Vanilla for both https and http - I need to check first, whether I can entirely switch over to https.

    But frankly, I don't think we have a fair deal here. Please note that this and every other activity here is purely on my private account and I should rather spend my nights sleeping that doing this stuff. I don't really see it makes sense. None of you both have disclosed his (or her?) identity, so what do you have to loose? You should never post private data here anyway and I'm busy enough keeping spammers away that sneak in through the open front door. And please don't tell me about "state of the art". I don't run a sensitive e-commerce site here.

    Or is it just about challenging me?

    I don't need that. Believe me.


  • edited January 2017

    Anyway, it's https - and only https - now with a signed (but weak) certificate.

Sign In or Register to comment.