HTTPS: Please report any issues in this topic.

[armando_m]

I resolved the issues right away with above operations, initially i noticed Opera was very strict, maybe thats why i like it.

Fons,
does it show as secure ?

I no longer get the warnings but is says the site is not secure and shows the certificate as invalid

[Fons Baerken]

Opera reads :


Security overview
This page is not secure (broken HTTPS).
Certificate - missing
This site is missing a valid, trusted certificate (net::ERR_CERT_COMMON_NAME_INVALID).
View certificate
Resources - all served securely
All resources on this page are served securely.
Connection - obsolete connection settings
The connection to this site is encrypted and authenticated using TLS 1.0, RSA, and AES_256_CBC with HMAC-SHA1.
TLS 1.0 is obsolete. Enable TLS 1.2 or later.
RSA key exchange is obsolete. Enable an ECDHE-based cipher suite.
AES_256_CBC is obsolete. Enable an AES-GCM-based cipher suite./revival/index.php?topic=8752.msg146813;topicseen#msg146813:1 The connection used to load resources from https://nikongear.net used TLS 1.0 or TLS 1.1, which are deprecated and will be disabled in the future. Once disabled, users will be prevented from loading these resources. The server should enable TLS 1.2 or later. See https://www.chromestatus.com/feature/5654791610957824 for more information.

[Akira]

Fons, thank you for the details.

On Firefox, the orange triangle has never disappeared since the site had become https and warns basically for the same reason as Opera indicates.

[armando_m]

...
TLS 1.0 is obsolete. Enable TLS 1.2 or later.
....

thank you Fons, great detail

we had to do this at work with the multiple servers my team supports

[Fons Baerken]

https://knowledge.digicert.com/generalinformation/INFO3299.html

[Frank Fremerey]

Today I had to run through the same procedure again (Windows 10, current Firefox x64), although it seemed to have worked yesterday...

Plus I get the organge triangle with the statement the encryption is weak and defective (TLS 1.0)

[Birna Rørslett]

We happen to know the root of the alleged problem is with our server. However, unless Andrea can escape from her moving duties, (from New Jersey to New Mexico) we simply don't have the "manpower" to deal adequately with the padlock issue.

[Frank Fremerey]

Opera reads :


Security overview
This page is not secure (broken HTTPS).
Certificate - missing
This site is missing a valid, trusted certificate (net::ERR_CERT_COMMON_NAME_INVALID).
View certificate
Resources - all served securely
All resources on this page are served securely.
Connection - obsolete connection settings
The connection to this site is encrypted and authenticated using TLS 1.0, RSA, and AES_256_CBC with HMAC-SHA1.
TLS 1.0 is obsolete. Enable TLS 1.2 or later.
RSA key exchange is obsolete. Enable an ECDHE-based cipher suite.
AES_256_CBC is obsolete. Enable an AES-GCM-based cipher suite./revival/index.php?topic=8752.msg146813;topicseen#msg146813:1 The connection used to load resources from https://nikongear.net used TLS 1.0 or TLS 1.1, which are deprecated and will be disabled in the future. Once disabled, users will be prevented from loading these resources. The server should enable TLS 1.2 or later. See https://www.chromestatus.com/feature/5654791610957824 for more information.

thank you, Fons!

[Matthew Currie]

I had a brief problem, just told Firefox to make a certificate exception, which shows now on the URL bar.  It works fine this way.  I will try at some point soon to unexcept it and see what happens next, but I'm trusting that the Nikongear folks are not going to sneak in and steal my stuff.

[CS]

but I'm trusting that the Nikongear folks are not going to sneak in and steal my stuff.

That remark leads me to believe that you're under the wrong impression about this situation. NG folks were never suspected of anything untoward, a point that needs to be made.

[Frank Fremerey]

That remark leads me to believe that you're under the wrong impression about this situation. NG folks were never suspected of anything untoward, a point that needs to be made.

yes, Carl, true: because encryption is weak or non existent anyone can read what is send or received in principle

[Bear Dale]

What exactly do I have to do to stop seeing this?

[Birna Rørslett]

Accept as an exception.


To prevent a misunderstanding: our server does run with the https security protocol, but not at the highest level of TLS (so far). This is what triggers the warning.

[Bear Dale]

Accept as an exception.


To prevent a misunderstanding: our server does run with the https security protocol, but not at the highest level of TLS (so far). This is what triggers the warning.

Thanks, could you please tell me how to do that? I use Firefox.

[Fons Baerken]

Click on

I understand the risks and wish to continue