Connection Not Secure Message

Permalink
Hello fellow concrete5 users. What an awesome platform.

I have two concrete5 sites that use the login feature for a restricted Members Only section. As such, Firefox has flagged the site as insecure and some members are apparently unable to login. There is no personal or financial information involved, just a login password tied to a user name. I am note sure there is a solution other than buying SSL certificates (which are cost prohibitive) but wanted to see if anyone had any other suggestions or possible work around.

Thanks in advance for your support.

Tanneme
 
mnakalay replied on at Permalink Reply
mnakalay
that is really a browser issue. One by one they all decided to mark as unsafe any page containing a field such as a password, credit card number... as unsafe if not protected by an SSL certificate so yes, that's the only solution.

Having said so, it shouldn't stop your users from logging in. It should simply warn them.
Tanneme replied on at Permalink Reply
Tanneme
mnakalay, thanks for your response. I suspected as much. The group member who contacted me via email about the problem included the following quote from Firefox: "The owner of trailswestwriters.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website".

I wanted to further research the problem before contacting him. I was pretty sure that he should have been able to login regardless but now days some people have gotten pretty reluctant to trust anything on the Internet. And I can imagine that I will get a little push back from some users, no matter what. Oh, well.

Thanks again.
Gondwana replied on at Permalink Reply
Gondwana
This error message sounds different, to me. It seems more like what you'd get with an improperly installed or configured certificate, rather than none at all. Is the URL https?
Tanneme replied on at Permalink Reply
Tanneme
Gondwana, hi. Nope, just a regular http site. I get a similar message on all of my concrete5 sites and I assume it is because of the Admin logon feature.
mnakalay replied on at Permalink Reply
mnakalay
But did you set your https canonical URL in the dashboard settings to something non-SSL?
Or do you have something in your htaccess file trying to force a redirection to https?

Because Gondwana is right, that message really sounds like you have an expired or non-existing SSL certificate while the page is trying to load as an SSL protected page
Tanneme replied on at Permalink Reply
Tanneme
So, thanks to Gondwana and mnakalay, my security problem has been fixed. Equal kudos to the two of you – not to mention a ton of research on my part. Initially I did not have an SSL Certificate, the .htaccess file was empty, and the URLs and Redirection page for my website had not been configured.

I decided that while this was a small site with a small user group, it presented an excellent learning opportunity. I purchased a three year SSL Certificate at SSL.com for $4.99/yr. which HostGator installed for $10. I then updated the .htaccess file and the URLs and Redirection page and all is well. All non-SSL URL entries are being redirected to the https:// version and no more nuisance “Connection is Not Secure” error messages.

Thanks again for steering me in the right direction.
mnakalay replied on at Permalink Reply
mnakalay
That's great, congrats.
Gondwana replied on at Permalink Reply
Gondwana
Well done! It would have been interesting to know what was causing the initial problem. One wonders whether the host incorrectly installed a certificate on a shared server in such a way that it was affecting more sites than it should have.