Anyone getting a msg to say this forum is not safe?

[RichardsUsername]

I have been getting this message too, on Vodafone fibre and google chrome

"Not secure with https crossed through?

Google Chrome ramped up security a long time ago. The web browser now requires a current ssl certificate to be installed on all websites otherwise the user gets the unsafe message. It's been ramped up to protect the user. In the main but also protects the website itself from hackers. Of course I could be wrong and you'll find this problem just goes away sooner or later.

 

[everydayupsanddowns]

Well, I’ve heard back from the forum architect - it isn’t that the certificate has expired, because it runs until May this year.

So that’s odd isn’t it!

 

[Bruce Stephens]

The web browser now requires a current ssl certificate to be installed on all websites otherwise the user gets the unsafe message.

But all web browsers have been doing that (or very similar) for a while. I think they all still permit connecting over HTTP (rather than HTTPS); I think Chrome has been threatening to disable that but I'm not sure what the status is. Regardless, I don't think forum.diabetes.org.uk permits connecting except over TLS (I think it automatically triggers a reconnection to HTTPS as most other websites do).

I've not noticed any warning messages like that (and the certificate looks fine, valid from 28 April 2023 to 28 May this year; one relatively recent change is that website certificates aren't supposed to last more than a year now).

I've no idea why some people have been getting a warning message. I've occasionally noticed the forums not being available for a little while (presumably because the software crashed or something) but I've not seen any warnings.

 

[RichardsUsername]

Well, I’ve heard back from the forum architect - it isn’t that the certificate has expired, because it runs until May this year.

So that’s odd isn’t it!

It is. It's a process of elimination at the end of the day. Something has changed and I would guess it's related to the certificate.

 

[RichardsUsername]

But all web browsers have been doing that (or very similar) for a while. I think they all still permit connecting over HTTP (rather than HTTPS); I think Chrome has been threatening to disable that but I'm not sure what the status is. Regardless, I don't think forum.diabetes.org.uk permits connecting except over TLS (I think it automatically triggers a reconnection to HTTPS as most other websites do).

I've not noticed any warning messages like that (and the certificate looks fine, valid from 28 April 2023 to 28 May this year; one relatively recent change is that website certificates aren't supposed to last more than a year now).

I've no idea why some people have been getting a warning message. I've occasionally noticed the forums not being available for a little while (presumably because the software crashed or something) but I've not seen any warnings.

I'm just stating the obvious having owned a q and a website for about 8 years and had the same problem myself. Something has changed and that could have been the ssl certificate running out. But evidently not. People can connect over htttp but google chrome doesn't like that.

 

[PerSpinasAdAstra]

I don't have any problems accessing the site using either Chrome or Firefox on a desktop.

The site does have a current SSL certificate installed. I checked the site using a few tools however and they all report a problem with missing 'Intermediate TLS certificates'. This might, maybe, cause security-related messages to appear for some people depending on what browser and platform they're using or possibly the security software (anti-virus or whatever) they have installed.

 

[RichardsUsername]

I don't have any problems accessing the site using either Chrome or Firefox on a desktop.

The site does have a current SSL certificate installed. I checked the site using a few tools however and they all report a problem with missing 'Intermediate TLS certificates'. This might, maybe, cause security-related messages to appear for some people depending on what browser and platform they're using or possibly the security software (anti-virus or whatever) they have installed.

It may be more than one thing. I've only got on here because I've gone from connecting via https to http.

 

[Bruce Stephens]

The site does have a current SSL certificate installed. I checked the site using a few tools however and they all report a problem with missing 'Intermediate TLS certificates'.

Ah, OK. The website is only giving the site's certificate (for *.diabetes.org.uk) and not any others. (I'd expect it to send at least the issuer for that (Sectigo RSA Domain Validation Secure Server CA). Maybe someone changed something with that and it's only causing a problem for some people.)

 

[RichardsUsername]

Ah, OK. The website is only giving the site's certificate (for *.diabetes.org.uk) and not any others. (I'd expect it to send at least the issuer for that (Sectigo RSA Domain Validation Secure Server CA). Maybe someone changed something with that and it's only causing a problem for some people.)

I've known server admins forget to switch the box on.

 

[PerSpinasAdAstra]

Ah, OK. The website is only giving the site's certificate (for *.diabetes.org.uk) and not any others. (I'd expect it to send at least the issuer for that (Sectigo RSA Domain Validation Secure Server CA). Maybe someone changed something with that and it's only causing a problem for some people.)

Indeed. If the browser or security plug-in only checks for a working, non-self-signed SSL cert it will succeed. If however it tries to verify that the cert was issued by a trusted authority it may fail due to missing intermediate certs.

 

[Bruce Stephens]

If however it tries to verify that the cert was issued by a trusted authority it may fail due to missing intermediate certs.

I think all web browsers will require (and verify) a full chain (up to one of the built in trust anchors). I guess some browsers (or operating systems) might just not have the intermediate CA's certificate.

 

[PerSpinasAdAstra]

I think all web browsers will require (and verify) a full chain (up to one of the built in trust anchors). I guess some browsers (or operating systems) might just not have the intermediate CA's certificate.

Good point. In that case just updating the browser to the latest version might solve the problem?

 

[Bruce Stephens]

In that case just updating the browser to the latest version might solve the problem?

Might. Or the relevant store might be managed by the operating system. (Some web browsers manage their own set of trust anchors and other certificates.)

(If an application's missing such a certificate all isn't lost: certificates can (and usually do) have an extension (Certificate Authority Information Access) allowing retrieval of the issuer's certificate. I'm not sure whether (or how) web browsers try to use that.)

 

[Eddy Edson]

I'm back to getting a brief "site cannot be reached" message before the forum loads, on my phone. I'd guess some kind of DNS gremlin, fwiw.

 

[RichardsUsername]

I'm back to getting a brief "site cannot be reached" message before the forum loads, on my phone. I'd guess some kind of DNS gremlin, fwiw.

Completely different problem. That many find hard to resolve.