Page 1 of 1

Organ Forum not secure

Posted: Thu Oct 27, 2022 12:22 pm
by Coenraads
When I try to access the Organ Forum, Google tells me the site is not secure and that its certification date is invalid.
I assume this is related to the latest changes in the Forum. Does anyone else experience this?
John

Re: Organ Forum not secure

Posted: Thu Oct 27, 2022 1:09 pm
by larason2
I actually don't remember a time when Safari has said the forum was secure! It has been saying "not secure" for years for me. The Hauptwerk.com website is secure though, and has always been to my memory, just not the forum.

Re: Organ Forum not secure

Posted: Thu Oct 27, 2022 1:48 pm
by RaymondList
If I understand correctly what is being said here, if you change "http://" to "https://" at the beginning of the address, it will be secure. It can be accessed either way. I hope this helps.

Regards,
Ray

Re: Organ Forum not secure

Posted: Thu Oct 27, 2022 2:35 pm
by mnailor
True, but the link from hauptwerk.com Support to Forum takes you to http:, not https:.

Re: Organ Forum not secure

Posted: Sun Oct 30, 2022 9:30 am
by jbittner
Since the OP explicitly said the Organ Forum, I'm assuming that they literally meant the Organ Forum, and not this, the Hauptwerk Forum. The Hauptwerk Forum is not on a secure server.

RE: the Organ Forum
http://organforum.com automatically redirects to https://organforum.com. AFAIK it is not possible to access the site on an http connection.

Out of date browsers and OSs have a problem trusting the issuer of the site's certificate. Make sure your browser and OS are updated to the most recent versions or use a different browser. Chrome, Edge, Firefox, Brave, and Opera all work.

This thread addresses the issue

They've recently moved to a different server and there have been some connectivity issues that they're dealing with.

Re: Organ Forum not secure

Posted: Sun Oct 30, 2022 9:40 am
by mdyde
jbittner wrote:The Hauptwerk Forum is not on a secure server.
Hello John, with regard to the Hauptwerk forum specifically, it does actually use HTTPS, provided that you access it through an https:// prefixed link (not http://). If using Mozilla Firefox, that browser also automatically redirects http:// links to https:// equivalents, where they exist (as is the case for the Hauptwerk forum). I use this forum via HTTPS in Firefox.

Re: Organ Forum not secure

Posted: Sun Oct 30, 2022 10:33 am
by larason2
Ah, sorry. I thought the OP meant this forum. I only ever view the organ forum logged in, so it has always been secure for me. I just don't like the red default theme!

Re: Organ Forum not secure

Posted: Sun Oct 30, 2022 10:38 am
by jbittner
Thanks Martin. I normally access this forum through the Forums link under Support on the Hauptwerk home page, which is an http: link. I normally use one of the Chromium based browser, Chrome, Edge, Brave, etc. and they do not automatically redirect http: to https:

I just tried FireFox and did not redirect either. Version 106.0.2 (64-bit) on Windows 11. Is there a FireFox setting or are using an extension for the auto redirect?

Re: Organ Forum not secure

Posted: Sun Oct 30, 2022 12:36 pm
by mdyde
Thanks, John.
jbittner wrote:I just tried FireFox and did not redirect either. Version 106.0.2 (64-bit) on Windows 11. Is there a FireFox setting or are using an extension for the auto redirect?
You're using the same version number that I am (albeit on Windows 10 in my case). I just checked, closing the browser (which clears all cookies, the cache, and history, since I have its security/privacy settings set to do that), then opened reopened the browser, went to the Hauptwerk home page, and the selected the "Support | Forum" link. Although that link is HTTP, Firefox redirected it automatically to HTTPS in my case. I'm not sure why yours isn't doing that. Perhaps try clearing its cache and history.

Mine also defaults to HTTPS if (from a fresh browser session) I type the URL in the URL bar. I do have bookmarked, though.

Firefox does have an "HTTPS-Only Mode" setting, but I don't have that enabled (since a few sites don't support HTTPS at all).

If all else fails, you could potentially go to the HTTPS version of the forum directly:

https://forum.hauptwerk.com/

... then bookmark it, and use that bookmark subsequently, which is what I usually do.

Re: Organ Forum not secure

Posted: Sun Oct 30, 2022 8:41 pm
by RaymondList
It is also very easy (as I suggested earlier) to just insert an "S" in the appropriate place in the address bar of any browser after going to the unsecure version.
Regards,
Ray

Re: Organ Forum not secure

Posted: Sat Nov 05, 2022 5:54 am
by cthart
mnailor wrote:True, but the link from hauptwerk.com Support to Forum takes you to http:, not https:.
Confirmed. This is something that needs to be fixed server-side.

To whoever maintains the Hauptwerk homepage and this forum, you should be doing the following:
  • making all links to other sites go to https URLs, where the destination supports this (very few sites don't in 2022!).
  • adding redirects from http to https on sites where you still allow unsecure http access.
  • adding HSTS headers to your webserver config so that browsers know never to use http once they've visited via https.
Cheers,

Colin (who does this stuff for a living)