Up to Main Index Up to Journal for October, 2016 JOURNAL FOR FRIDAY 14TH OCTOBER, 2016 ______________________________________________________________________________ SUBJECT: Safe & sound DATE: Fri 14 Oct 23:41:41 BST 2016 As you may have heard the certificate authority GlobalSign accidentally caused their online certificate status protocol server to report that all downstream SSL certificates signed by one of their certificates had been revoked. Oops. I found out about it at work when I started getting complaints from users with issues accessing sites we host - Google Chrome or Internet Explorer complained about the revocation with 'scary' error messages. As a result I've been looking at Let's Encrypt again. From their website[1]: Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. I couldn't really go messing about with a client's website doing experiments could I? So I needed a site where it didn't matter if it flatlined now and again as I played with configuration settings. Now where could I find such a site? ;) As a result www.wolfmud.org and the git repository at code.wolfmud.org are now running under SSL. I've tested using Google Chrome on Linux, Android and Windows 10. I've also tested in IE11, Edge and Firefox on Windows 10. All seem to be working fine. I've also used Qualys' SSL Labs SSL checker[2] on the domain - it gets an 'A' rating :) However, if anyone does have any issues *please* email me some with details and I'll look into it! diddymus@wolfmud.org One tip that may help others: If you are using the Let's Encrypt staging server for testing the browsers will complain about the issuer being unknown. This is usually attributed on the various forums as a problem with either the chain.pem or fullchain.pem files being needed and configured. It isn't. Neither of the files work with the staging server. After wasting hours fiddling with the files and configuration settings I switched to the live server and got a live certificate, everything then worked beautify. Admittedly I'm not using the official client or configuring things in the 'normal' way. *sigh* In other news... Over the last week I've been fixing a few general bugs in WolfMUD. I'm also trying to clean up the frontend code again - actually overhauling might be a better description. Currently trying to separate the different parts of the frontend from each other. Hopefully this will lead to a solution for the problem of having to go through the registration process again if the account ID chosen is already used. It should also allow me to drop the ugly stash field in the frontend struct. Only 16 days left till Halloween... /\oo/\ -- Diddymus [1] Let's Encrypt: https://letsencrypt.org [2] Qualys' SSL Labs SSL checker: https://www.ssllabs.com/ssltest/ Up to Main Index Up to Journal for October, 2016