[SSL added Sep 29 2014] Spongepowered.org; why no SSL? (now discussing its implementation and other security related things)

I believe that every site should have an SSL certificate (even if self signed) and should support both HTTPS and SPDY. It’s just good practice, so could those with the power please look into this, and those who agree like the thread so those with the power see it.

19 Likes

I can agree, with out the self sign though.

I agree with the need for SSL. Although I assume it’s a low priority, and it will cost money.

1 Like

Self signed is better than none.

Self signing is free, that’s why I suggested the self signing.

unless someone comes onto the site doesn’t now anything about websites and then gets on but some attacker changed it to his server also self sign normally gives warnings warding of people.

I’d prefer it to not be self signed. With this being a new community, the SSL self-signed warning would probably scare some people away.

I can agree with this much, but as Kin said, a real certificate:

speaking of such things, what does a signing authority charge now a days?

Somewhere around $80 - $100 I believe.

you can get one for 10 bucks from a trusted (ig No warning signs) for 10 per domain/subdomain.

here we are https://www.namecheap.com/security/ssl-certificates/single-domain.aspx

PositiveSSL is not very good. I’d be fine with Instant though.

comando offers the cheapest one right now although I would rather have a better one besides if it works why pay extra?

I was suggesting self signed, so anything but (even a cheep-o one) would be a million times better. quality aside.

Just FYI:

The default config for the forums is to turn on SPDY if SSL is enabled.

I was thinking site wide not just forums sub-domain, or is discourse running the whole site? (srry discourse is unfamiliar to me)

wildcard certs are upwards 95 bucks, but still there should be a cert all around the site, makes it seem more inviiting for people to make accounts with personal details going on them.

2 Likes

How many sub domains do they have, if it’s only 2 or 3 then one cert for each at $10 is better than a wild card cert at 95.

true, true it just depends on how they think they will have.