TromboneChat

Hi Chatters,

It was brought to my attention that TromboneChat's site certificate has expired this morning at 8:45 central time. I have personally experienced no interruption in service, but I understand it might be worrying or offputting if you get a security error relating to TC. We're looking into it, rest assured.

The problem seems to be manifesting in Firefox. Thanks for your patience!

It is present in Google Chrome as well. It’s mostly just annoying. It’s worse in Firefox. Every time you change pages you have to allow it. I know you guys will solve the issue. Thanks to all the guys who keep this place up and running!

In Firefox, I over-rode the security issue once, and it has not come up again.

It's still happening in Safari as of Saturday evening.

Still happening in Opera mobile.

I took care of re-purchasing SSL certificates today and we will implement these very soon. Likely Sunday. Stay tuned.

Neo Bri wrote: ↑Sat Jul 07, 2018 10:15 pm I took care of re-purchasing SSL certificates today and we will implement these very soon. Likely Sunday. Stay tuned.

The current expired certificate is issued by LetsEncrypt, which issues certificates freely. EDIT: I'm curious why you didn't go with them again?

Important to note that every browser (including IE11) issues a security warning (specifically that the certificate expired on the 6th of July). The only way not to see it is by accessing the site from http rather than https, but hopefully most are accessing it over https. Once a new certificate is in place, I think it would be good to force https if possible.

Is this supposed to be fixed yet? I'm still showing that the site is not secure, and getting the occasional popup.

Depending on your browser, it takes a little bit of digging to find out why a site is labelled as "insecure". In the case of TBC, you'll notice that it isn't because the data is unencrypted (if you are using HTTPS it should be encrypted, although we currently nave it configured that you can optionally use it because of some initial login issues so we'll probably close that off when we fix the SSL cert), but that our site's ownership isn't verified.

Currently we're going through the verification process with a new vendor that we elected to use for a variety of reasons. If it were a serious security issue, we would shut the site down until it was fixed but given that the only limitation is that you can't pin down an address, we're just letting it run until we can prove the ownership of the site. Neobri filled out the paperwork yesterday but I don't believe they gave an ETA for how long they say the process will take.

Tl;dr, the "insecurity" is that a 3rd party hasn't verified the legal ownership of the site yet.

The verification is going to take longer than expected. This is not my choice, but it is the way it is, unfortunately. I promise that nothing nefarious is going on...mostly waiting.

All good, thanks for the update.

Neo Bri wrote: ↑Tue Jul 10, 2018 9:15 pm The verification is going to take longer than expected. This is not my choice, but it is the way it is, unfortunately. I promise that nothing nefarious is going on...mostly waiting.

Or, nothing like this:
http://www.tromboneforum.org/


Seriously though, thanks to all you guys for making this place great!

LarryPrestonRoberson wrote: ↑Thu Jul 12, 2018 9:31 pm

Neo Bri wrote: ↑Tue Jul 10, 2018 9:15 pm The verification is going to take longer than expected. This is not my choice, but it is the way it is, unfortunately. I promise that nothing nefarious is going on...mostly waiting.

Or, nothing like this:
http://www.tromboneforum.org/


Seriously though, thanks to all you guys for making this place great!

Just 9 more months...

--Andy in OKC