HTTPS. When are we getting it?

gooseneck · 24-08-2020, 01:42 PM

I'm willing to donate but only if we get a HTTPS certificate.

**cs123** · 24-08-2020, 01:53 PM

https://fordforums.com.au

raceteam · 24-08-2020, 02:08 PM

Has been https for ages. Are you saying there was an expired cert?

gooseneck · 24-08-2020, 07:43 PM

Its okay. I think there is a problem with just me.

I wasn't and still aren't connecting with https for some reason. only http.

When I was logged in earlier I had a valid https connection, but I just closed my browser and logged out and loaded up fordforums.com.au and its http only again, I logged back in and its still http only.

Probably has something to do with my browsers privacy settings, maybe my cookie settings are too strict or an addon is causing issues.

gooseneck · 24-08-2020, 07:59 PM

Still no cake.

I removed all of the addons in firefox 79 and cleared the caches, toggled the privacy settings on and off, set everything back to default. Even installed https everywhere addon.

Still loading up as http only.

I'll do a reinstall of firefox see if that fixes things.

gooseneck · 24-08-2020, 08:05 PM

Thats weird. I used Microsoft Edge browser and its still showing up as not secure only on fordforums.com.au

Also removed and reinstalled firefox 79 and still the same thing.

Every other site uses https by default.

XA Coupsta · 24-08-2020, 08:15 PM

I also get 'not secure' for this site...

24-08-2020, 09:15 PM

This site doesn't appear to automatically redirect http to https so which one does your bookmark point to?

gooseneck · 25-08-2020, 02:06 AM

got nothing to do with bookmarks I think leesa. This issue is cross-browser.

I did some digging and apparently when I forcibly connect to "https://fordforums.com.au/ firefox warns me of a potential security risk ahead" and "secure connection failed"

Get the same "Warning: Potential Security Risk Ahead" whenever I type in https://www.fordforums.com.au/

Clicking on advanced I get:
"Someone could be trying to impersonate the site and you should not continue.

Websites prove their identity via certificates. Firefox does not trust www.fordforums.com.au because its certificate issuer is unknown, the certificate is self-signed, or the server is not sending the correct intermediate certificates.

Error code: SEC_ERROR_UNKNOWN_ISSUER

View Certificate"

The "Addtrust External CA Root" certificate appears to be expired, expiring in 30-05-2020.
Aswell as "Comodo RSA Certification Authority".

However "Comodo RSA Domain Validation Secure Server CA" is valid until 2029.

I think I found the problem.

Or rather Firefox did, good job Foxy. *Pats*

gooseneck · 25-08-2020, 02:13 AM

I'm just going to force Firefox to accept the certificate for now.

But yeah. Somethings screwy on their end with the certificate authorities.

**russellw** · 25-08-2020, 05:51 AM

The site does have a rewrite rule to redirect to https thanks leesa but there are some pages that deliberately don't get rewritten (like the tech portal).

If you are getting a message in your browser to tell you that the site is insecure then you have an unexpired cookie dating back to when the cert last expired - there was a thread at the time discussing that issue.

I use all 5 browsers for testing and none of them have an issue with the SSL cert.

gooseneck · 25-08-2020, 07:29 AM

I took a look at this thread:
http://www.fordforums.com.au/showthread.php?t=11483277

It appears to be the same issue however reinstalling firefox doesn't resolve this issue. Apparently reinstalling Firefox doesn't clear cookies. hah.

But clicking on the padlock icon and then going down to "Clear cookies and site data" does resolve the issue once I force the browser to go to https://

Why the Edge browser still has the same issue I'll never know.

Problem solved. Thanks russelw!

XA Coupsta · 25-08-2020, 09:42 AM

Thanks Gooseneck and RussellW that fixed it for me too. Sorry I must have missed the previous threads on this topic earlier.