Major Site Update: HTTPS/SSL Support

[BowhunterNJ]

Hey guys and gals, just wanted to let you know I am in the process of converting the site to full HTTPS/SSL to give you guys that warm fuzzy feeling of being ultra secure while visiting the site! This really is just in an effort to promote better security, especially as new transaction based features get rolled out, as it will help protect your personal information!

 

From a member's perspective, everything *should* remain the same in respect to navigating the site. There may be some hiccups during the transition, so if you see any issues, please do report them.

 

 

For those that want more info on this update, or are super geeks like Haskell_Hunter...

 

You should see most pages will not contain the https:// identifier and a certificate bound to it as depicted in the following images.

 

This is the new address bar will appear under most conditions, as often times content gets linked from external entities (i.e. images/videos from other sites that may not be running under HTTPS). This only means that some of the content being displayed is not secure, but the content being served via NJ Woods & Water will be.

 

 

When all of the content is 100% secured via HTTPS, you will see the following type of address part with the green bar and the company name, that should make you REALLY warm and fuzzy!

 

 

And if you click the little icon to the left of the HTTPS:// in the address bar, you'll see the certificate for the site.

 

 

That's all I have for now, but again, if you see any issues at all, please let me know and I'll get them sorted out ASAP!

[Matty]

Thank God!

 

The https and ssls were so ten minutes ago.

 

This was of major concern to me. I'm so excited that you're going to fix it....So exhilarating in fact, my floppy disk turned into a hard drive!

 

I'd really like to see what we can do about the www thing too....maybe upgrade to yyy or zzz.

 

I'd just feel better about the site if you could make those changes...MMMMK? Thanks....

Edited February 25, 2014 by Matty

[BowhunterNJ]

I'm also creating a new Timeout Forum...and putting Matty in there!

 

[Matty]

lol

[Hatchet]

yea.....no ! me  no comprende mierda

[Haskell_Hunter]

Did you get a UCC or wildcard cert?  You probably want to force your mail server to use TLS as well. 

 

Is is the site single-tier or two?  You should cert the dB as well, hence the UCC. 

[Bucksnbows]

Well now I see this after chasing you down with an issue I had  

 

Good to see site security upgrades.  I thought your site had been hacked there for a minute....and it was just an old bookmark on my end.

[BowhunterNJ]

Did you get a UCC or wildcard cert?  You probably want to force your mail server to use TLS as well. 

 

Is is the site single-tier or two?  You should cert the dB as well, hence the UCC.

I got a Extended Validation (EV) SSL Certificates. I only have one domain (well two if you consider www and non-www versions, but it supports both), not porting to subdomains so opted out of the wildcard matching.

I'm NOT a security/server admin, so learning as I go...next time I'm working with you on this!

Honestly, this was to help support secure transactions in the future (as I will open the storefront here and handle things like donations directly).

Likewise many apps/sites out there are running full SSL for all content, so I figured I'd upgrade the entire site versus just the storefront.

I'll have to double check on the mail server security and DB security.

 

BnB, I fixed that issue, now the old bookmarks will redirect OK without warning. This is mainly due to the old NJFNG links

[Haskell_Hunter]

I went with a UCC for my site because I use more than one server to host services. So being able to extend the same cert to mail. www. dB. was really handy to have. From a security perspective, splitting the services onto different boxes protects the environment. Just because you got onto my app server doesn't mean you'll be able to access my mail, admin, or data. 

 

Oh, and re-certing all of your services is going to suck. Depends on the platform, but it is annoying to do. 

 

Regardless, it's a really good move, and I'm glad you took the initiative to do it.

[Palawman30]

There is now steam coming out the sides of my commodore 64.............................

[Matty]

Says "reboot".

 

I've tried on three different pairs now and nothing has changed. I guess I'll try my knee high rubber boots....

[BowhunterNJ]

Says "reboot".

 

I've tried on three different pairs now and nothing has changed. I guess I'll try my knee high rubber boots....

 

Have you tried these?

 

 

[Haskell_Hunter]

Can we add a button similar to the "Like This" button that instead says, "This Is Disturbing"?

[Matty]

As long as it won't get me banned...

[deerslayer01]

why is my screen blue...its weird