Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

Why not even a self-signed HTTPS certificate?

Code of conduct, suggestions, and information on forums.debian.net.
Message
Author
User avatar
GarryRicketson
Posts: 5644
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: Why not even a self-signed HTTPS certificate?

#21 Post by GarryRicketson »

by kedaha » after installing the Debian packages for letsencrypt on my server which runs apache2. And I was able to set it up in no time at all.
From: https://www.wordfence.com/blog/2017/04/ ... -phishing/
====
We even managed to get an SSL certificate for our demonstration attack domain from LetsEncrypt . Getting the SSL certificate took us 5 minutes and it was free. By doing this we received the word ‘Secure’ next to our domain in Chrome and the little green lock symbol in Firefox
I know it is a old topic, but any way, just because a site has a ssl certificate,
does not mean it is secure, nor that it is the site one thinks it is.
One thing though, not having the "https", results in the site no longer showing
in the google search results, if it does show at all it is way down at the bottom,
the "https" sites get listed first.
The browsers now , also are making it harder to visit http sites, giving a warning, claiming it is not secure,...
Interesting approach, the browser tells
me, this site is not secure because it does not use SSL, but they set a default
setting, so that if I go to a site using the "punny code" ,
"Do a search for ‘punycode’ without quotes" (see the article)
The default setting does not tell me or give me any warning, that the site is
not the one I think it is. I wonder why they put the default setting that way ?
--------------------------
Postby kedaha »One advantage of letsencrypt is that the option to access the site via https could be implemented easily in addition to http for users who prefer it.
This would be the ideal situation, as I mentioned earlier, some one struggling with a crippled system, could have trouble accessing if it is https, that would give them a alternative.
The other advantage, is having a https url (ssl certificate), would get this site back into the google search results , when people do do a search for solutions to problems, that have been solved here.
All though it seems to come up pretty good on other search engines, it is not
showing in google and startpage as much as it used to, I don't know if any body else has noticed that, I have.
After all said and done though, only the server/site owner, admin can do this,
and if he does not want to, or does not have the time,..it will not happen.

Post Reply