Home Open Account Help 265 users online

Railfan Technology > Trainorders Certificate Expired?


Date: 12/11/20 17:16
Trainorders Certificate Expired?
Author: wabash2800

And I get a message the site is unsafe. I would suppose something is flaky with my Windows 10?

Victor A. Baird
http://www.erstwhilepublications.com



Edited 1 time(s). Last edit at 12/11/20 17:17 by wabash2800.



Date: 12/11/20 17:24
Re: Trainorders Certificate Expired?
Author: kenN

I also got the "unsafe" message.  What's going on?  KJN



Date: 12/11/20 17:30
Re: Trainorders Certificate Expired?
Author: walstib

I got it when using my Mac just now.



Date: 12/11/20 17:47
Re: Trainorders Certificate Expired?
Author: SantaFeCF7

Got the same thing on my iPhone

Posted from iPhone



Date: 12/11/20 17:59
Re: Trainorders Certificate Expired?
Author: DocJohn

SSL can be difficult.  One of the websites I have for my consulting business is on GoDaddy.  SSL chnanged and I had to edit the .htaccess file that was part of my website to get things working right.  I had to do the same thing for my other business website that is on Arvixe.

John



Date: 12/11/20 20:21
Re: Trainorders Certificate Expired?
Author: gandydancer4

OK here. Clean as a whistle on my Mac Pro  ×   



Date: 12/11/20 22:15
Re: Trainorders Certificate Expired?
Author: dan

got the unsafe message too



Date: 12/11/20 22:33
Re: Trainorders Certificate Expired?
Author: dan

living dangerously here



Date: 12/12/20 08:35
Re: Trainorders Certificate Expired?
Author: bert14

Yes, I let the certificate expire.  Last February we had talked about changing cert issuers with my developer and I thought we did it, but we never did.  When the renewal emails came in I figured, big deal we are not using that certificate anymore.  Then when it expired, it was like oh crap.  It was pretty simple to get a new one, but still a process.  

Todd Clark
Canyon Country, CA
There is a false sense of security will SSL.  The warning you received said that the secure connection could not be autheniticated by a 3rd party, therefore it was considered unsafe.  It is a default of all web browsers to give a warning. SSL only ensures that your web connection to our site is secure. Think of a house, the front door may be locked, but it doesn't guarantee that someone can't get in through the unlocked back door. Don't misunderstand me, SSL is an extremely important security feature, but it is just one security feature of many and is the only one that is visible to the public entering a web site.

Unrelated to the above, I will share I take site security seriously and keeps me up at night.  There are just so many vulnerable spots for attack.  When my current developer came on six or seven years ago he began an incremental process of tightening the web site.  He has been reviewing every line of code and rewriting much of it.  The biggest worry is that a hacker can inject malicious code through an improperly written piece web coding.  Once injected it could be set to infiltrate a web site.   About 10 years ago we had one of these that got in, but it wasn't able to execute properly because of server security settings that prevented them from being able to root the server.  We caught it, but it took us a few weeks to find how they got in.  It turned out to be an old application that we had not updated in several years and that was an important lesson to keep the software updated.  In fact it wasn't even used anymore. We had replaced the application, but we neevr removed it from the server.  Although we use the old Phorum discussion system, it is no longer supported and my developer has rewritten much of it so it is supported by the next generation web applications. (IE PHP8 for those that are in the business and understand PHP). Once we get this rewrite done and rolled out we'll see about updating the public interface.  For now it is about getting the backend in good shape, a never ending project.

Today, access to the servers is only through an encrytion key and there are no passwords to crack.  I keep a key on two Macbooks and I can only gain access to the system through one of those two machines.  My developer also maintains keys as well. People are often worried about entering their credit card into the payment system. I have to have complete an annual PCI review of our payment system to ensure security protocols are maintained.  We are prohibited from maintaining credit card data on the web server. All card numbers are passed off directly to our merchant processor. If you are curious about PCI compliance read this totally boring summary of the process:  https://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard
 

Todd Clark
Canyon Country, CA



Date: 12/24/20 21:29
Re: Trainorders Certificate Expired?
Author: yankeeclipper

Appreciate your diligence. Thanks!



[ Share Thread on Facebook ] [ Search ] [ Start a New Thread ] [ Back to Thread List ] [ <Newer ] [ Older> ] 
Page created in 0.0415 seconds