The Mental Militia Forums

Please login or register.

Login with username, password and session length
Pages: 1 2 [3] 4 5 ... 9   Go Down

Author Topic: TCF SSL Access  (Read 106961 times)

Bill St. Clair

  • Techie
  • Sr. Member
  • *****
  • Offline Offline
  • Posts: 6852
    • End the War on Freedom
Re: TCF SSL Access
« Reply #30 on: January 22, 2007, 07:55:34 pm »

SSL access has been down for me all day. I submitted a support ticket to Hosting Matters, our web service provider. Tell you more when there's more to tell.
Logged
"The state can only survive as long as a majority is programmed to believe that theft isn't wrong if it's called taxation or asset forfeiture or eminent domain, that assault and kidnapping isn't wrong if it's called arrest, that mass murder isn't wrong if it's called war." -- Bill St. Clair

"Separation of Earth and state!" -- Bill St. Clair

Shevek

  • Full Member
  • ***
  • Offline Offline
  • Posts: 970
  • Liberty-Minded Fussitarian Nit-Picker
    • Simple Liberty
Re: TCF SSL Access
« Reply #31 on: January 22, 2007, 08:12:30 pm »

Quote
Firefox . . . Works on Windows, Macintosh, and Linux. Auto-updates, if you let it.
Caution: Firefox runs very slow on older hardware because of the convoluted XUL interface. If you are not a browser power user, then consider Opera or K-Meleon. I use the latter a lot and is very snappy and fast.

Quote
I sure hate being the only dumb one.
You're not dumb, just ignorant about computers. I'm quite ignorant about nursing and the medical industry!

Quote
SSL access has been down for me all day. I submitted a support ticket to Hosting Matters, our web service provider. Tell you more when there's more to tell.
You're blog is down too. Same host provider?
Logged
"But there was always time for swimming and for talking, and never a time by which a task must be finished. There were no hours: only whole days, whole nights." The Children of the Open Sea, The Farthest Shore, Ursula K. Le Guin.

http://www.simpleliberty.org/   http://humanreadable.nfshost.com/

Bill St. Clair

  • Techie
  • Sr. Member
  • *****
  • Offline Offline
  • Posts: 6852
    • End the War on Freedom
Re: TCF SSL Access
« Reply #32 on: January 22, 2007, 09:09:22 pm »

The SSL log file had reached the file size limit. They removed it and restarted the SSL server. SSL access is back up.

My blog is hosted by nearlyfreespeech.net. Works for me now. tcftalk.com is hosted my hostingmatters.com.
Logged
"The state can only survive as long as a majority is programmed to believe that theft isn't wrong if it's called taxation or asset forfeiture or eminent domain, that assault and kidnapping isn't wrong if it's called arrest, that mass murder isn't wrong if it's called war." -- Bill St. Clair

"Separation of Earth and state!" -- Bill St. Clair

Bill St. Clair

  • Techie
  • Sr. Member
  • *****
  • Offline Offline
  • Posts: 6852
    • End the War on Freedom
Re: TCF SSL Access
« Reply #33 on: January 22, 2007, 11:15:01 pm »

Well, my blog WAS broken. Deleted a spam user account twice again, which caused the guest account to be removed, which only allowed registered users to see anything. Fortunately, the last time this happened I created a page with instructions for fixing it. So it's fixed now.
Logged
"The state can only survive as long as a majority is programmed to believe that theft isn't wrong if it's called taxation or asset forfeiture or eminent domain, that assault and kidnapping isn't wrong if it's called arrest, that mass murder isn't wrong if it's called war." -- Bill St. Clair

"Separation of Earth and state!" -- Bill St. Clair

Bill St. Clair

  • Techie
  • Sr. Member
  • *****
  • Offline Offline
  • Posts: 6852
    • End the War on Freedom
Re: TCF SSL Access
« Reply #34 on: April 04, 2007, 09:37:13 am »

Prompted by a complaint from Hosting Matters about our scripts or .htaccess files generating illegal URLs, I finally figured out how to get a free SSL certificate for tcftalk.com. You no longer need to use https://erte.hmdnsgroup.com/~tcftalk/ for encrypted access to the boards. You can now use https://thementalmilitia.com/forums/ . Since the new certificate is for the proper domain, you can also tell your browser to accept the Certificate Authority (CA) permanently, and stop having to verify the first access each time you relaunch your browser. Firefox gives an option on its warning dialog for this. Don't know about other browsers.

Note that you'll have to enter your user ID and password the first time you login with https://thementalmilitia.com/forums/ , but if you have cookies enabled in your browser (the default for most browsers), it will remember them after that.

I have to change an .htaccess file to make the wiki properly respond to https://tcftalk.com/wiki/ , but I expect to do that tonite.

If you use encrypted (https) access to the forum, please change your bookmarks to:

https://thementalmilitia.com/forums/

Yay!
Logged
"The state can only survive as long as a majority is programmed to believe that theft isn't wrong if it's called taxation or asset forfeiture or eminent domain, that assault and kidnapping isn't wrong if it's called arrest, that mass murder isn't wrong if it's called war." -- Bill St. Clair

"Separation of Earth and state!" -- Bill St. Clair

Claire

  • Plain Folks
  • Sr. Member
  • ****
  • Offline Offline
  • Posts: 6577
    • Living Freedom
Re: TCF SSL Access
« Reply #35 on: April 04, 2007, 10:30:53 am »

Yay! indeed -- and thank you, Bill. It was quite a surprise to get an email from "Abuse Investigations" at our hosting service. Poor innocent us; we had no idea there was any problem. Neither Debra nor I even understood what the Hosting Matters support folks were talking about. So thank heaven for Bill, his tech skills, and his efficiency.

Off to change my bookmarks right now.
Logged
Just as the flattery of friends often leads us astray, so the insults of enemies often do us good. -- St. Augustine, Confessions, Book IX, Chapter 8


When faith ceases to be a challenge to the standards of polite society, it is no longer, or has not yet become, faith. -- Donald Spoto, Reluctant Saint:  The Life of Francis of Assisi


My life is my message. -- Gandhi

Bill St. Clair

  • Techie
  • Sr. Member
  • *****
  • Offline Offline
  • Posts: 6852
    • End the War on Freedom
Re: TCF SSL Access
« Reply #36 on: April 04, 2007, 07:32:59 pm »

OK. http://tcftalk.com/wiki/ works now, for me, and the old erte.hmdnsgroup.com address does NOT work. So if the new IP address hasn't propagated to your DNS server, you'll have to add the DNS to your /etc/hosts file to get to the wiki. I changed the New Box accordingly.
Logged
"The state can only survive as long as a majority is programmed to believe that theft isn't wrong if it's called taxation or asset forfeiture or eminent domain, that assault and kidnapping isn't wrong if it's called arrest, that mass murder isn't wrong if it's called war." -- Bill St. Clair

"Separation of Earth and state!" -- Bill St. Clair

Bill St. Clair

  • Techie
  • Sr. Member
  • *****
  • Offline Offline
  • Posts: 6852
    • End the War on Freedom
Re: TCF SSL Access
« Reply #37 on: April 05, 2007, 08:38:04 am »

I just fixed the original problem that Hosting Matters complained about by redirecting http(s)://erte.hmdnsgroup.com/~tcftalk/* to https://tcftalk.com/* .

That will break the board completely for anybody who doesn't have the correct IP address. Hopefully, the DNS change has propagated by now.

There IS a work-around. You can use the IP address directly:

  http://63.247.128.94/clairefiles/
  https://63.247.128.94/clairefiles/

The encrypted version will cause your browser to complain that the domain in the SSL certificate is not 63.247.128.94, but it will work.

Adding a line to /etc/hosts will also work:

  63.247.128.94  tcftalk.com www.tcftalk.com
« Last Edit: April 05, 2007, 08:46:32 am by Bill St. Clair »
Logged
"The state can only survive as long as a majority is programmed to believe that theft isn't wrong if it's called taxation or asset forfeiture or eminent domain, that assault and kidnapping isn't wrong if it's called arrest, that mass murder isn't wrong if it's called war." -- Bill St. Clair

"Separation of Earth and state!" -- Bill St. Clair

barkingowl

  • Guest
Re: TCF SSL Access
« Reply #38 on: April 10, 2007, 08:35:55 pm »

Thanks Bill! I can see the little lock icon displayed in the upper right corner of my Safari window.  :mellow:
Logged

Bill St. Clair

  • Techie
  • Sr. Member
  • *****
  • Offline Offline
  • Posts: 6852
    • End the War on Freedom
Re: TCF SSL Access
« Reply #39 on: August 17, 2007, 08:18:21 am »

I got a notice today from cacert.org that our SSL certificate would expire in 45 days, so I renewed it today, while I'm thinking of it. I expect Hosting Matters to install it soon. When they do, you may get a warning that the certificate is unrecognized, and you'll have to tell your browser to accept it, permanently if you don't want to see the warning again, or temporarily if you do.
Logged
"The state can only survive as long as a majority is programmed to believe that theft isn't wrong if it's called taxation or asset forfeiture or eminent domain, that assault and kidnapping isn't wrong if it's called arrest, that mass murder isn't wrong if it's called war." -- Bill St. Clair

"Separation of Earth and state!" -- Bill St. Clair

username

  • Full Member
  • ***
  • Offline Offline
  • Posts: 147
Re: TCF SSL Access
« Reply #40 on: August 17, 2007, 10:22:48 am »

If you really want to have an effectively secure forum there are several things that need to be done beyond SSL. Of course like in anything, there is risk of users being undercover agents gather information essentially compromising the most secure enviroments.

Honestly, the only real solution is to keep your groups small and your members well known. :)

Userame
Logged

Bill St. Clair

  • Techie
  • Sr. Member
  • *****
  • Offline Offline
  • Posts: 6852
    • End the War on Freedom
Re: TCF SSL Access
« Reply #41 on: June 21, 2008, 04:46:56 pm »

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Somebody asked me to post the fingerprints of our SSL certificate. I sent
email, but it appears to have not arrived.

The certificate's fingerprints are:

  SHA1: C3:B7:FD:6B:9C:9B:2C:13:DF:07:8E:61:55:E2:19:51:D4:35:37:98
  MD5:  8B:FD:FB:19:B8:06:04:8C:13:7B:D3:F4:1F:34:FC:77

Because I'm using a cacert.org free certificate, I have to update it every
six months. From now on I'll post the fingerprints, signed with my PGP key,
when I update.

There is some concern with the Debian key generation problem. I don't think
our certificate has that.

The TMM certificate was generated by cacert.org. http://blog.cacert.org/
says:

"Luckly, the CAcert Root Class 1 and 3 keys are not affected as these were
generated before the vulnerability was introduced into Debian[3] in
September 2006. The process that signs CSR (certificate signing requests)
and therefore all signed public keys does not use any key generation, so
they are not affected by CAcert. Conclusion: CAcert does NOT have to
reissue every signed certificate."

cacert uses Debian internally, so there is a tiny chance that somebody
snuck into their system using a forged SSH key, and stole their root
certificate private key. They didn't think that was enough of a threat to
regenerate their root certificate, though.

The TMM certificate's private key was generated by site5.com's automated
system. I can't find anywhere whether they use Debian for that. It appears
from /proc/version in the SSH environment on our hosting machine, that it
is Red Hat 3.4.6-9. That doesn't imply that their SSL certificate signing
request generator is also running Red Hat, but I'd call it likely.

Bill

-----BEGIN PGP SIGNATURE-----
Version: 9.7.2.1608

wlcDBQFIXXYzesiiYincerIRCKPHAQD8DYffJc1tEQ8kevCjw4Q6VJUcFzowgmDl
2oTYVEzA1wEAk/cb5HkCATVTLzf7iGRIai/MOKt7yznpNHDYDVQTZ8E=
=hFUk
-----END PGP SIGNATURE-----
Logged
"The state can only survive as long as a majority is programmed to believe that theft isn't wrong if it's called taxation or asset forfeiture or eminent domain, that assault and kidnapping isn't wrong if it's called arrest, that mass murder isn't wrong if it's called war." -- Bill St. Clair

"Separation of Earth and state!" -- Bill St. Clair

gridboy

  • Full Member
  • ***
  • Offline Offline
  • Posts: 558
Re: TCF SSL Access
« Reply #42 on: July 01, 2008, 09:35:51 am »


Hi,

 I'm getting a warning from my browser that these pages are partially unencrypted.
Is that the intent?

Thanks,
gridboy
Logged

Bill St. Clair

  • Techie
  • Sr. Member
  • *****
  • Offline Offline
  • Posts: 6852
    • End the War on Freedom
Re: TCF SSL Access
« Reply #43 on: July 01, 2008, 10:27:36 am »


Hi,

 I'm getting a warning from my browser that these pages are partially unencrypted.
Is that the intent?

Thanks,
gridboy

There are two places that warning can come from:

1) The Google Adsense banner at the top of the page

2) User avatars stored on external web sites.

Those are expected. They could possibly be used to associate your IP address with that page you're browsing here.
Logged
"The state can only survive as long as a majority is programmed to believe that theft isn't wrong if it's called taxation or asset forfeiture or eminent domain, that assault and kidnapping isn't wrong if it's called arrest, that mass murder isn't wrong if it's called war." -- Bill St. Clair

"Separation of Earth and state!" -- Bill St. Clair

Apple

  • Strangely Attractive
  • Full Member
  • ***
  • Offline Offline
  • Posts: 703
  • Play the Game
    • Weapons of Mass Enlightenment
Re: TCF SSL Access
« Reply #44 on: July 01, 2008, 01:22:55 pm »

Thanks for the heads-up Bill. I did indeed not receive any e-mail from you; how odd. ??? Thanks also for keeping us up to date regarding the certificate from now on. And I didn't even have to ask! :notworthy:

Finally, I never saw this thread until it was posted to again today. My bad, it must have slipped through the cracks.
Logged
 —Well? Shall we go?
 —Yes, let's go.
[Stage directive: they do not move.]

(last lines of “Waiting for Godot”)

PGP Key:  A2D2 B4BD CEB9 24C8 F272  16DC C1C9 65C5 39ED A0BF
Pages: 1 2 [3] 4 5 ... 9   Go Up