HTTPS and Insecure Site Warning on AW

Status
Not open for further replies.

AW Admin

Administrator
Super Member
Registered
Joined
Apr 19, 2008
Messages
18,772
Reaction score
6,283
It means that we are not currently using https.

  1. We need to purchase a security certificate.
  2. Take the server offline.
  3. Move to a new server.
  4. Install the certificate.

  • We have purchased the certificate.
  • We are picking a date to install it.
  • We will do this very soon.
  • We've been working on this quite a while; it's just server move and install that's left, and that means shutting off AW.

What does the Insecure Flag Mean?


HTTPS and SSL certificates are ways to protect the data you send to the site/server and it sends to you.
The flag means that AW is not currently using HTTPS, and that data you send to the server and it sends back (like posts) isn't encrypted.

  • We don't perform transactions on the site.
  • We don't send financial data.
  • We aren't sending private data, of the sort you might at a bank, for instance.

But Google search listing, the Chrome web browser, the Firefox browser and versions of all other browsers will start flagging any site that doesn't use HTTPS as insecure.
Nothing has changed; AW isn't insecure, but we will be using HTTPS as soon as possible.

Here's some more information:

2017 is the Year of HTTPS and SSL


When Will This Happen?


We don't have a definite date; soon. When we know the date, we'll announce it widely since we'll have to turn AW off for a day or two.


Questions?

If you have questions, please ask them here or PM AW Admin or MacAllister.
 
Last edited:

TrinaM

Super Member
Registered
Joined
Apr 29, 2017
Messages
115
Reaction score
45
Location
Pacific NW US
Website
trinamalone.com
Just thought I'd chime in as a techie who has moved a bunch of folks to SSL -- if you're moving servers, anyway, check for some that offer the free Let's Encrypt SSL. It works great. I know you've already bought it for this year, but...next year will come before you know it. And Let's Encrypt is fully automated, so once you're on it...you're pretty much there. You'll likely have some tweaking to get rid of mixed content warnings (old links in posts that have http:// in them) but your software probably has a plugin to handle that.

I put off going to SSL for a long time. I have to say, it turned out to be so much easier than I thought!!!
 

AW Admin

Administrator
Super Member
Registered
Joined
Apr 19, 2008
Messages
18,772
Reaction score
6,283
Let's Encrypt isn't a durable certificate*, and won't really work for us because you have to keep renewing it.

It's also not compatible with the server security and malware protection services we use.

We've purchased a durable high-end SSL certificate but it requires a moar modern OS etc. so we might as well upgrade the RAM etc.

The difficulty is getting the schedules of three people who all have fulltime jobs synced in order to actually do the server upgrade and move all the databases, do QA, etc.


*I like them hugely, and use them on sites I run that are smaller, but they do have to be renewed frequently.
 
Last edited:

Layla Nahar

Seashell Seller
Super Member
Registered
Joined
Feb 6, 2007
Messages
7,655
Reaction score
913
Location
Seashore
... getting the schedules of three people who all have fulltime jobs synced in order to actually do the server upgrade and move all the databases, do QA, etc...

btw - thank you in advance for all of it
 
Status
Not open for further replies.