This Pressure to go to SSL is intense!

DieselMinded

Well-known member
my host is $125/yr for Comodo SSL per URL so this mess is going to cost me $250/yr to keep my sites from showing "not secure" errors

IMG_3598.PNG

IMG_3600.PNG

let me ask this...

since we use PayPal processing to do secure payments via a gateway so we don't have to have our own secure pages

why can't someone set up remote registration pages via gateways and we can use iframes to display
 
Hello,

Please provide the CSR for the domain, and confirm the 9.95/yr price.

Thanks!
--
Donald Bennett
xxxxxx xxxx xxxxxxxxxxx

*Please note that tickets are automatically closed after 7 days with no reply. If you need additional support on any issue and the ticket was closed, simply replying will re-open the ticket in our system. You can also reopen the ticket via your client portal.



That was total cost for 1 year certificate from our hosting when we put on new certificate last spring. So yes, the price they are quoting is nuts. (took out the hosting name - not trying to advertise for them)
 

Mr Lucky

Well-known member
since we use PayPal processing to do secure payments via a gateway so we don't have to have our own secure pages

why can't someone set up remote registration pages via gateways and we can use iframes to display
is this actually a XenForo suggestion, or a suggestion for "someone?"
 

DieselMinded

Well-known member
If your host is charging $125 a year for a Comodo SSL certificate, then it's time to find a new host. As @Arty said they can be installed from any control panel for your server and they are less than $10 a year from most places. All you need is a Positive SSL for your forums https://www.namecheap.com/security/ssl-certificates/comodo/positivessl.aspx
maybe what they offered me isn't what I need then. this is the page they sent me to when I asked about SSL

https://support.fluidhosting.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=327
 

Snog

Well-known member

DieselMinded

Well-known member
pointed my host to this thread and got this response
A: Hi Chad,

For now we support only Comodo SSL. But we will soon replace our servers and control panel, and it will support Let's Encrypt SSL.
I'm waiting on them to upgrade the shared servers because I need MySQL updated so I can move my IPB site to IPB 4

thing is I cannot get a timeline, maybe this is just stall tactics

I've had this host for like 8 years... built a vB forum on their VPS and sold it for $85,000

Fluid Hosting has always treated me good and customer support has always been excellent

however recent troubles with getting them to upgrade MySQL on a shared server and now issues with SSL that's going to end up hurting my sites has me ..... under pressure
 

Mike

XenForo developer
Staff member
As this has mostly moved to discussion of SSL options, this is probably best in a different forum.

There isn't anything we'd do about this, beyond recommend using SSL. In theory, you could (manually) rip out the "local" registration components and force people to login through things like Facebook, but that will create some other potential issues.
 

DieselMinded

Well-known member
As this has mostly moved to discussion of SSL options, this is probably best in a different forum.

There isn't anything we'd do about this, beyond recommend using SSL. In theory, you could (manually) rip out the "local" registration components and force people to login through things like Facebook, but that will create some other potential issues.
thing is @Mike the violating pages are not just the registration form that's the problem and I don't have login forms displaying, they have to click the button

IMG_3602.PNG IMG_3603.PNG


these pages should not be triggering security errors
 

Mike

XenForo developer
Staff member
There is a login form on all pages. If you are taking a different approach with logins then you could potentially remove that, but that's not resolving the problem. It's still insecure (in regards to MITM attacks for example) for people to log in without SSL. Even beyond the login form itself, if you are MITM'd, then they can steal credentials via your cookie which is effectively the same as your login details.

Hence, we recommend full SSL.
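
Added example, not part of Mike's post or XenForo's own code: a Python check over one fetched page for the two exposures described above, a password form served or submitted over plain HTTP and a session cookie set without the Secure attribute. The host name, cookie value and HTML are constructed sample data.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class PasswordForms(HTMLParser):
    """Collect the action of every <form> that contains a password input."""
    def __init__(self):
        super().__init__()
        self.actions = []      # actions of forms that hold a password field
        self._action = None    # action of the form currently open, if any
        self._has_pw = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._action, self._has_pw = a.get("action") or "", False
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self._has_pw = self._action is not None

    def handle_endtag(self, tag):
        if tag == "form" and self._action is not None:
            if self._has_pw:
                self.actions.append(self._action)
            self._action = None

def audit(page_url, set_cookie_headers, html):
    """Return findings for one page: its URL, Set-Cookie values and body."""
    findings = []
    parser = PasswordForms()
    parser.feed(html)
    parser.close()
    for action in parser.actions:
        target = urljoin(page_url, action)  # empty action posts to the page itself
        if urlsplit(page_url).scheme != "https":
            findings.append(f"password form served over HTTP: {page_url}")
        if urlsplit(target).scheme != "https":
            findings.append(f"password form posts over HTTP: {target}")
    for header in set_cookie_headers:
        name = header.split("=", 1)[0].strip()
        flags = {p.strip().split("=", 1)[0].lower() for p in header.split(";")[1:]}
        if "secure" not in flags:
            findings.append(f"cookie set without Secure flag: {name}")
    return findings

# Constructed sample data: a thread page that carries the login form.
SAMPLE_HTML = ('<form action="login/login" method="post">'
               '<input type="text" name="login">'
               '<input type="password" name="password"></form>')
SAMPLE_COOKIES = ["xf_session=constructed-value; path=/; HttpOnly"]
```

Run against the same page over HTTPS with a Secure cookie, `audit` returns an empty list; a cookie without the Secure flag is still reported on an HTTPS page because the browser will also send it on any plain-HTTP request to the same host.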
 