Organ Forum not secure

A discussion forum for anything even marginally Hauptwerk-related.
Post Reply
Coenraads
Member
Posts: 73
Joined: Fri Feb 01, 2019 10:13 pm

Organ Forum not secure

Post by Coenraads »

When I try to access the Organ Forum, Google tells me the site is not secure and that its certification date is invalid.
I assume this is related to the latest changes in the Forum. Does anyone else experience this?
John
larason2
Member
Posts: 798
Joined: Thu Feb 04, 2016 9:32 pm

Re: Organ Forum not secure

Post by larason2 »

I actually don't remember a time when Safari has said the forum was secure! It has been saying "not secure" for years for me. The Hauptwerk.com website is secure though, and has always been to my memory, just not the forum.
RaymondList
Member
Posts: 224
Joined: Sun Mar 11, 2018 2:46 pm

Re: Organ Forum not secure

Post by RaymondList »

If I understand correctly what is being said here, if you change "http://" to "https://" at the beginning of the address, it will be secure. It can be accessed either way. I hope this helps.

Regards,
Ray
Ray
mnailor
Member
Posts: 1702
Joined: Sat Nov 30, 2013 5:57 pm

Re: Organ Forum not secure

Post by mnailor »

True, but the link from hauptwerk.com Support to Forum takes you to http:, not https:.
User avatar
jbittner
Member
Posts: 111
Joined: Fri Aug 27, 2010 1:34 pm

Re: Organ Forum not secure

Post by jbittner »

Since the OP explicitly said the Organ Forum, I'm assuming that they literally meant the Organ Forum, and not this, the Hauptwerk Forum. The Hauptwerk Forum is not on a secure server.

RE: the Organ Forum
http://organforum.com automatically redirects to https://organforum.com. AFAIK it is not possible to access the site on an http connection.

Out of date browsers and OSs have a problem trusting the issuer of the site's certificate. Make sure your browser and OS are updated to the most recent versions or use a different browser. Chrome, Edge, Firefox, Brave, and Opera all work.

This thread addresses the issue

They've recently moved to a different server and there have been some connectivity issues that they're dealing with.
Last edited by jbittner on Sun Oct 30, 2022 9:42 am, edited 1 time in total.
John B.
Allen 965 MOS 2
Zuma Group MOS-2 Midi Keyboard Encoder
Zuma Group DM Midi Stop Controller
Hauptwerk 4.2
Major I ACO
Paramount 320
Father Willis Standard 80
User avatar
mdyde
Moderator
Posts: 15680
Joined: Fri Mar 14, 2003 1:19 pm

Re: Organ Forum not secure

Post by mdyde »

jbittner wrote:The Hauptwerk Forum is not on a secure server.
Hello John, with regard to the Hauptwerk forum specifically, it does actually use HTTPS, provided that you access it through an https:// prefixed link (not http://). If using Mozilla Firefox, that browser also automatically redirects http:// links to https:// equivalents, where they exist (as is the case for the Hauptwerk forum). I use this forum via HTTPS in Firefox.
Best regards, Martin.
Hauptwerk software designer/developer, Milan Digital Audio.
larason2
Member
Posts: 798
Joined: Thu Feb 04, 2016 9:32 pm

Re: Organ Forum not secure

Post by larason2 »

Ah, sorry. I thought the OP meant this forum. I only ever view the organ forum logged in, so it has always been secure for me. I just don't like the red default theme!
User avatar
jbittner
Member
Posts: 111
Joined: Fri Aug 27, 2010 1:34 pm

Re: Organ Forum not secure

Post by jbittner »

Thanks Martin. I normally access this forum through the Forums link under Support on the Hauptwerk home page, which is an http: link. I normally use one of the Chromium based browser, Chrome, Edge, Brave, etc. and they do not automatically redirect http: to https:

I just tried FireFox and did not redirect either. Version 106.0.2 (64-bit) on Windows 11. Is there a FireFox setting or are using an extension for the auto redirect?
John B.
Allen 965 MOS 2
Zuma Group MOS-2 Midi Keyboard Encoder
Zuma Group DM Midi Stop Controller
Hauptwerk 4.2
Major I ACO
Paramount 320
Father Willis Standard 80
User avatar
mdyde
Moderator
Posts: 15680
Joined: Fri Mar 14, 2003 1:19 pm

Re: Organ Forum not secure

Post by mdyde »

Thanks, John.
jbittner wrote:I just tried FireFox and did not redirect either. Version 106.0.2 (64-bit) on Windows 11. Is there a FireFox setting or are using an extension for the auto redirect?
You're using the same version number that I am (albeit on Windows 10 in my case). I just checked, closing the browser (which clears all cookies, the cache, and history, since I have its security/privacy settings set to do that), then opened reopened the browser, went to the Hauptwerk home page, and the selected the "Support | Forum" link. Although that link is HTTP, Firefox redirected it automatically to HTTPS in my case. I'm not sure why yours isn't doing that. Perhaps try clearing its cache and history.

Mine also defaults to HTTPS if (from a fresh browser session) I type the URL in the URL bar. I do have bookmarked, though.

Firefox does have an "HTTPS-Only Mode" setting, but I don't have that enabled (since a few sites don't support HTTPS at all).

If all else fails, you could potentially go to the HTTPS version of the forum directly:

https://forum.hauptwerk.com/

... then bookmark it, and use that bookmark subsequently, which is what I usually do.
Best regards, Martin.
Hauptwerk software designer/developer, Milan Digital Audio.
RaymondList
Member
Posts: 224
Joined: Sun Mar 11, 2018 2:46 pm

Re: Organ Forum not secure

Post by RaymondList »

It is also very easy (as I suggested earlier) to just insert an "S" in the appropriate place in the address bar of any browser after going to the unsecure version.
Regards,
Ray
Ray
cthart
Member
Posts: 52
Joined: Thu Jun 13, 2013 5:17 am

Re: Organ Forum not secure

Post by cthart »

mnailor wrote:True, but the link from hauptwerk.com Support to Forum takes you to http:, not https:.
Confirmed. This is something that needs to be fixed server-side.

To whoever maintains the Hauptwerk homepage and this forum, you should be doing the following:
  • making all links to other sites go to https URLs, where the destination supports this (very few sites don't in 2022!).
  • adding redirects from http to https on sites where you still allow unsecure http access.
  • adding HSTS headers to your webserver config so that browsers know never to use http once they've visited via https.
Cheers,

Colin (who does this stuff for a living)
Post Reply