There are 19 comments on this blog. |
|
Thanks for the update...
|
|
Your server cert is valid, but your installation is incomplete. Do a check using Qualys or sslchecker or even DigiCert (https://www.digicert.com/help/).
You are missing your intermediate certificate and therefore people are connecting to this site unsecured. If you do not have a padlock next to the URL in your browser, then you are not connecting via TLS.
|
|
I have a padlock next to the url.
|
|
Quality hosting provider, Firewall and Sitelock (or other anti-scripting tool) if possible.
That's about all you can do.
|
|
@TheRealGuido -> padlock = Current SSL cert.
Looks good to me.
|
|
Check the report: https://www.ssllabs.com/ssltest/analyze.html?d=www.humaniplex.com
There is a misconfiguration with the web server and there is a missing intermediate certificate. This means some people will not be able to connect securely. This check is skipped in some browsers (Chrome and Firefox do not skip this btw). It is also possible that some of you have a cached copy of the intermediate cert on your system, thus allowing you to connect securely.
Bottom line is, the web server is missing config to explicitly link the intermediate cert with the server cert and the signing CA.
This is my last comment on the topic. The admins can choose to ignore this, or they can go to the DigiCert site and look at this page that gives them easy-to-follow directions on how to resolve this issue:
https://knowledge.digicert.com/solution/SO15690.html
|
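The effect described in the comment above, reproduced offline as an added example (not from any commenter or from the site): a throwaway root, intermediate and leaf are generated with `openssl`, and the leaf is validated by a client that trusts only the root. All names are constructed, and `-untrusted` stands in for the intermediate arriving in the handshake or from a client's cache.

```bash
#!/usr/bin/env bash
# Constructed demo: every name, key and certificate here is throwaway.

# Build root -> intermediate -> leaf in directory $1.
build_chain() {
  local d=$1
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > "$d/ca.ext"
  # Self-signed root: the only certificate the client's trust store holds.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Demo Root CA" \
    -keyout "$d/root.key" -out "$d/root.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
    -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null &&
  # Intermediate CA, signed by the root.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Demo Intermediate CA" \
    -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 2 -extfile "$d/ca.ext" -out "$d/int.pem" 2>/dev/null &&
  # Server (leaf) certificate, signed by the intermediate.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -CAcreateserial -days 2 -out "$d/leaf.pem" 2>/dev/null
}

# Validate the leaf as a client that trusts only the root.
# $2 = "served": the intermediate arrives in the handshake (or is cached).
# Anything else: the client has no copy and cannot fetch one.
verify_leaf() {
  local d=$1
  if [ "$2" = served ]; then
    openssl verify -CAfile "$d/root.pem" -untrusted "$d/int.pem" "$d/leaf.pem"
  else
    openssl verify -CAfile "$d/root.pem" "$d/leaf.pem"
  fi >/dev/null 2>&1 && echo trusted || echo untrusted
}

demo() {
  local d
  d=$(mktemp -d) || return 1
  build_chain "$d" || { rm -rf "$d"; return 1; }
  echo "intermediate missing: $(verify_leaf "$d" missing)"
  echo "intermediate served:  $(verify_leaf "$d" served)"
  rm -rf "$d"
}

demo
```

On a web server the fix corresponds to the `served` case: the certificate file handed to the server contains the leaf followed by the intermediate, so every client receives the full path to the root.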
|
^^ what he said
Something def wrong with your cert causing loss of secure connection.
Doesn't mean it's the reason for this breach
But could be for the next one
Also, no doubt you have each discrete user's IP address which leads to other info
|
|
Not to be a stick in the mud, there is ALWAYS a Broken Arrow file Hidden deep to be discovered.
All websites have them, kinda like a get outa jail free card. Just ask Ashley Madison
|
|
Nerd, according to that ssllabs link you provided, there is one intermediate cert, "Thawte TLS RSA CA G1", that is not on the HX server, but is an "extra download". The link you provided says it works properly under Mozilla, Apple, Android, Java, and Windows.
The grade HX gets is a B because of this.
Hardly seems like this missing intermediate cert is causing people to not be able to connect using HTTPS to HX.
HX, can you go ahead and add this additional cert? Seems pretty easy to do. Then you can get a nice shiny A grade. Well until next month when your support for TLS 1.0 and 1.1 knocks it back down to a B.
^Written by my company's IT guy.
|
|
Is everybody in your company a member?
|
|
@mj, you do not know what you are talking about - the missing intermediate cert is a big deal and can lead to some people not making a secure connection. The missing cert also prevents the admins from enabling other security features, features like HSTS, which should also be enabled.
|
|
Lol, you provided the link. Now you don't like what the link says?
Can you point out one thing in my comment that is incorrect?
|
|
@mj
"Hardly seems like this missing intermediate cert is causing people to not be able to connect using HTTPS to HX."
The missing cert IS causing some people to not connect securely.
If a simple thing like not configuring your web server properly with the needed intermediate cert, what else is misconfigured?
Turns out just about everything is misconfigured here. Take a look at the security scan from https://pentest-tools.com/website-vulnerability-scanning/website-scanner.
|
|
^^ ok boomer
|
|
"2 - random guy nerdvana who rarely posts tries to help
3 - asshole "insiders" come out and talk shit and put him down
maybe try having a little friendly manners and encourage people to participate"
I tried discussing with Nerd the report he linked to and actually agreed with him that HX should fix the intermediate cert issue, but all he could do is personally attack me and say I don't know what I'm talking about.
You would describe that as trying to help, not putting people down, having friendly manners, and encouraging people to participate?
|
|
Just received a similar email today from a so-called "Elizabeth"
|
|
Just received a similar email today from a so-called "Elizabeth"
Same here and also to my old deleted accounts.
|
|
Yep. Got an email too today from Elizabeth. However it was to my “parent” yahoo account referencing my yahoo account that links to hx
|
|
Elizabeth is great!
You should respond back to set up a meet!
|