flat assembler
Message board for the users of flat assembler.

Index > Heap > Using https://flatassembler.net => Untrusted Connection

Goto page 1, 2  Next
Author
Thread Post new topic Reply to topic
YONG



Joined: 16 Mar 2005
Posts: 8000
Location: 22° 15' N | 114° 10' E
YONG
Has anyone tried using https://flatassembler.net ?

I got the following message:
Quote:
This Connection is Untrusted

...

Technical Details

board.flatassembler.net uses an invalid security certificate.

The certificate is not trusted because no issuer chain was provided.
The certificate is only valid for the following names:
*.bluehost.com , bluehost.com

(Error code: sec_error_unknown_issuer)
Confused
Post 16 Jul 2011, 09:21
View user's profile Send private message Visit poster's website Reply with quote
Enko



Joined: 03 Apr 2007
Posts: 678
Location: Mar del Plata
Enko
chrome says that:
you are trying to access https://flatassembler.net but the server identifies itself as *.bluehost.com .....
Post 16 Jul 2011, 13:30
View user's profile Send private message Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 8879
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 334455
sleepsleep
maybe the hosting company (bluehost.com) doesn't provide ssl cert for its hosted web unless requested? or $$$ Smile
Post 16 Jul 2011, 14:01
View user's profile Send private message Reply with quote
Dex4u



Joined: 08 Feb 2005
Posts: 1601
Location: web
Dex4u
That because you are using
https
Which needs a security certificate, as in secure connection.
In stead of http://flatassembler.net/
Post 16 Jul 2011, 15:14
View user's profile Send private message Reply with quote
xleelz



Joined: 12 Mar 2011
Posts: 86
Location: In Google Code Server... waiting for someone to download me
xleelz
Dex4u wrote:
That because you are using
https
Which needs a security certificate, as in secure connection.
In stead of http://flatassembler.net/


I think they're adding the s on purpose to see what will happen...

_________________
The person you don't know is the person that could help you the most... or rape you, whichever they prefer.
Post 16 Jul 2011, 23:00
View user's profile Send private message Reply with quote
Dex4u



Joined: 08 Feb 2005
Posts: 1601
Location: web
Dex4u
xleelz wrote:
Dex4u wrote:
That because you are using
https
Which needs a security certificate, as in secure connection.
In stead of http://flatassembler.net/


I think they're adding the s on purpose to see what will happen...


Yes but its the same for many site eg: mikeos
https://mikeos.berlios.de/
Post 16 Jul 2011, 23:21
View user's profile Send private message Reply with quote
typedef



Joined: 25 Jul 2010
Posts: 2913
Location: 0x77760000
typedef
xleelz wrote:
The person you don't know is the person that could help you the most... or rape you, whichever they prefer.


Very Happy
Post 17 Jul 2011, 00:46
View user's profile Send private message Reply with quote
xleelz



Joined: 12 Mar 2011
Posts: 86
Location: In Google Code Server... waiting for someone to download me
xleelz
typedef wrote:
xleelz wrote:
The person you don't know is the person that could help you the most... or rape you, whichever they prefer.


Very Happy


well it's true xD

_________________
The person you don't know is the person that could help you the most... or rape you, whichever they prefer.
Post 17 Jul 2011, 02:38
View user's profile Send private message Reply with quote
YONG



Joined: 16 Mar 2005
Posts: 8000
Location: 22° 15' N | 114° 10' E
YONG
So this site does not have an SSL certificate.

I did some digging and found that a few Certification Authorities (CAs) offer FREE SSL certificates. Refer to the links below.

http://cert.startcom.org/

http://www.instantssl.com/ssl-certificate-products/free-ssl-certificate.html

Is it a good idea to give these CAs a try?

Wink

EDIT: Fixed a grammatical error! Wink


Last edited by YONG on 21 Jul 2011, 12:20; edited 1 time in total
Post 18 Jul 2011, 01:55
View user's profile Send private message Visit poster's website Reply with quote
f0dder



Joined: 19 Feb 2004
Posts: 3170
Location: Denmark
f0dder
YONG wrote:
So this site does not have a SSL certificate.Is it a good idea to give these CAs a try?
Depends on whether they're part of browser/OS trusted root CAs or not.

_________________
Image - carpe noctem
Post 18 Jul 2011, 12:54
View user's profile Send private message Visit poster's website Reply with quote
YONG



Joined: 16 Mar 2005
Posts: 8000
Location: 22° 15' N | 114° 10' E
YONG
f0dder wrote:
YONG wrote:
So this site does not have a SSL certificate.Is it a good idea to give these CAs a try?
Depends on whether they're part of browser/OS trusted root CAs or not.
It appears so:
Quote:
The StartCom Certification Authority is today supported by most important platforms like Microsoft Windows, Apple Macintosh OS X and many Linux operating systems and browsers like Internet Explorer, Mozilla Firefox, Safari and Google's Chrome provide built-in support.
Anyway, I believe that TG always turns a blind eye to threads like this. Wink
Post 19 Jul 2011, 05:00
View user's profile Send private message Visit poster's website Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17263
Location: In your JS exploiting you and your system
revolution
I use the https connection for this board. I had to add an exception in the browser to accept the cert.

My main reason to use https is to avoid monitoring/filtering/censorship when travelling. Also, sometimes transparent proxies can cause old pages to be delivered so https bypasses such ISP practices.
Post 19 Jul 2011, 17:00
View user's profile Send private message Visit poster's website Reply with quote
typedef



Joined: 25 Jul 2010
Posts: 2913
Location: 0x77760000
typedef
https also prevents attacks like DDOS and DOS.
Post 19 Jul 2011, 22:35
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17263
Location: In your JS exploiting you and your system
revolution
typedef wrote:
https also prevents attacks like DDOS and DOS.
How?
Post 19 Jul 2011, 22:41
View user's profile Send private message Visit poster's website Reply with quote
typedef



Joined: 25 Jul 2010
Posts: 2913
Location: 0x77760000
typedef
revolution wrote:
typedef wrote:
https also prevents attacks like DDOS and DOS.
How?


http://securitycertificate.net/2011/03/using-an-ssl-to-make-your-way-through-to-a-site-under-a-dos-attack/
Post 20 Jul 2011, 00:44
View user's profile Send private message Reply with quote
YONG



Joined: 16 Mar 2005
Posts: 8000
Location: 22° 15' N | 114° 10' E
YONG
revolution wrote:
My main reason to use https is to avoid monitoring/filtering/censorship when travelling.
Exactly!

My favorite library is closed on Sundays & public holidays. So I have no other choice but access the Internet via some FREE Wi-Fi connections, which are, unfortunately, unsecured. And I need to use https then. Wink
Post 20 Jul 2011, 04:16
View user's profile Send private message Visit poster's website Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17263
Location: In your JS exploiting you and your system
revolution
typedef wrote:
revolution wrote:
typedef wrote:
https also prevents attacks like DDOS and DOS.
How?
http://securitycertificate.net/2011/03/using-an-ssl-to-make-your-way-through-to-a-site-under-a-dos-attack/
HTTPS does not prevent DDoS. Perhaps you meant to say that in some circumstances, on some websites, using HTTPS might be able to bypass a server that is experiencing a normal HTTP attack?
Post 20 Jul 2011, 05:43
View user's profile Send private message Visit poster's website Reply with quote
typedef



Joined: 25 Jul 2010
Posts: 2913
Location: 0x77760000
typedef
Yes, you can configure the server (via an automated script) to switch to SSL after certain simultaneous rapid requests on basic text protocol.

But, this is not the case with fasm.net Very Happy
Post 20 Jul 2011, 06:00
View user's profile Send private message Reply with quote
f0dder



Joined: 19 Feb 2004
Posts: 3170
Location: Denmark
f0dder
typedef wrote:
Yes, you can configure the server (via an automated script) to switch to SSL after certain simultaneous rapid requests on basic text protocol.
And what exactly is that going to achieve when you're under a DDoS that's saturating all your available bandwidth? Smile

You'd need a separate link (say, a dedicated ISDN line) to be able to do anything.
Post 20 Jul 2011, 18:02
View user's profile Send private message Visit poster's website Reply with quote
Tomasz Grysztar
Assembly Artist


Joined: 16 Jun 2003
Posts: 7718
Location: Kraków, Poland
Tomasz Grysztar
YONG wrote:
Anyway, I believe that TG always turns a blind eye to threads like this. Wink
You should have posted this in "Feedback" subforum, it was created for this kinds of reports and discussions.

As for the SSL certificate problems, it was already reported to me by revolution the day after I moved flatassembler.net to a new host - however my response was, that there is not much I can do, because even if I got some free SSL certificate, I would not be able to use it without buying a more expensive hosting package with dedicated IP.
Post 21 Jul 2011, 09:27
View user's profile Send private message Visit poster's website Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  
Goto page 1, 2  Next

< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar.

Powered by rwasa.