Bug #3490
closed
https/ssl certificate signing for non *.commons.gc.cuny.edu domains
Added by Keith Miyake about 10 years ago.
Updated about 10 years ago.
Description
For sites that are not hosted under the *.commons.gc.cuny.edu domain, the existing https certificate does not verify, causing problems for loading pages in browsers that check the certificates, particularly when logged in. Would it be possible to somehow add individual sites to the certificate or to verify based on the *.gc.cuny.edu domain?
One of the big problems posed is when users are logged in to the commons and they visit one of the affected sites, some browsers (chrome) won't load resources that requested over http, which are requested as such because the ssl cert rejection causes the wordpress backend to default to http, or something along those lines...
The four specific sites for which I've observed this problem are:
pcp.gc.cuny.edu
globalization.gc.cuny.edu
studyofreligion.gc.cuny.edu
sciencestudies.gc.cuny.edu
- Status changed from New to Reporter Feedback
Hi Keith - Is it important that these sites be available over https? What if, as an interim fix, we forced all traffic not covered by the certificate over HTTP?
I don't think it's terribly important for it to use https, especially since the problem only really comes up when users log in. If the whole site is loaded via http when users are logged in, that should work perfectly.
- Category name set to Server
- Assignee set to Boone Gorges
- Target version set to Not tracked
Thanks, Keith. I've made some changes on the server so that all https requests on pages not covered by the *.commons.gc.cuny.edu are now directed to their non-SSL counterparts. However, in my (somewhat limited) testing, I had mixed results: the redirect is working, but only after the server has actually been contacted; and trying to access eg https://pcp.gc.cuny.edu throws an "untrusted connection" browser warning before the site is even hit.
Will you test a little bit to see if what's currently in place is solving your problems? If not, could you be a bit more specific about the particular scenarios where the problem is being exhibited?
- Status changed from Reporter Feedback to Resolved
You're awesome, Boone! Like you mentioned, I'm still getting the certificate warning if I go directly to https://pcp.gc.cuny.edu, but if I go to the non-ssl site it seems to work fine. And the primary problem--elements not loading because of mixed http/s when logged in--seems to be fixed since everything is loading over http now. I think we can mark this as closed.
- Target version changed from Not tracked to 1.6.17
Great - so glad to have helped! Thanks again for the report.
Also available in: Atom
PDF