# ASF moving to HTTPS



## Joe Blow (12 February 2017)

In the next couple of weeks ASF will be moving from HTTP to HTTPS, simply because it is becoming more important for websites to adopt the more secure protocol. 

I am hoping that everything will go smoothly when the changeover occurs and it will be mostly unnoticeable due to redirects being put in place.

I adjusted one of the settings last night while I was conducting some testing and when I woke up this morning found that I was having some issues logging in. I have since changed the setting back to what it was originally. If anyone else is experiencing any website weirdness please let me know in this thread.

Thanks!


----------



## galumay (12 February 2017)

Had the login issue too this morning so it must have been sitewide.


----------



## ThingyMajiggy (12 February 2017)

Joe Blow said:


> In the next couple of weeks ASF will be moving from HTTP to HTTPS, simply because it is becoming more important for websites to adopt the more secure protocol.
> 
> I am hoping that everything will go smoothly when the changeover occurs and it will be mostly unnoticeable due to redirects being put in place.
> 
> ...




Wait what? ASF has been HTTP this whole time? It's showing HTTPS in my browser? What part hasn't been HTTPS?


----------



## Joe Blow (12 February 2017)

galumay said:


> Had the login issue too this morning so it must have been sitewide.




Are you still experiencing any issues?



ThingyMajiggy said:


> Wait what? ASF has been HTTP this whole time? It's showing HTTPS in my browser? What part hasn't been HTTPS?




I've got the certificate installed but I haven't configured the forum software properly yet. Are you experiencing any issues on HTTPS?


----------



## ThingyMajiggy (12 February 2017)

Joe Blow said:


> I've got the certificate installed but I haven't configured the forum software properly yet. Are you experiencing any issues on HTTPS?




No all good, I was just convinced that logging in on ASF has always been via HTTPS, so am a bit surprised to see now that we're "going to HTTPS". Knowing how easy it is to sniff credentials over the wire, I'm surprised more than anything, all is running well though for me.


----------



## Joe Blow (12 February 2017)

ThingyMajiggy said:


> No all good, I was just convinced that logging in on ASF has always been via HTTPS, so am a bit surprised to see now that we're "going to HTTPS". Knowing how easy it is to sniff credentials over the wire, I'm surprised more than anything, all is running well though for me.




OK that's great news. Thanks for letting me know. I will try and configure the forum software and set up the redirects tonight so it is ready for next week.


----------



## Cam019 (12 February 2017)

Had a login issue this morning as well, but no problems since then.


----------



## galumay (12 February 2017)

Joe Blow said:


> Are you still experiencing any issues?




No, all godd once you fixed the login.

I checked and like thingmajiggy my browser shows the address as https too.


----------



## pixel (12 February 2017)

My bookmark had been https://www.aussiestockforums.com/ for years, but some time ago, my browser reverted to http. When I check why there is no lock icon, a warning pops up:




I didn't make a fuss because I figured, if there were anything uncouth coming from the site, my AVG would take care of it.

wrt Login: Yes, Joe, I was wondering why I had to login after a PC reboot.  Meant to ask you about it if it had persisted. But wasn't in a hurry because it's not really a big issue. Even better if it's already fixed. 

PS: Changed the bookmark back to https, and am pleased to report it's now showing the security lock.


----------



## Iggy_Pop (12 February 2017)

I could not log in last night but working ok now

Iggy


----------



## myrtie100 (12 February 2017)

Hi Joe. My log in isn't sticking on my mobile. I have to keep logging in once i close the browser, yet i have ticked the keep me logged in box.


----------



## Joe Blow (12 February 2017)

I'm going to try and do the HTTPS changeover shortly. Many of you may need to log in again.

Let's see how it goes.


----------



## Joe Blow (13 February 2017)

OK, I messed up. Sorry about that 15 minutes of downtime. I'll try again another time.


----------



## Joe Blow (13 February 2017)

myrtie100 said:


> Hi Joe. My log in isn't sticking on my mobile. I have to keep logging in once i close the browser, yet i have ticked the keep me logged in box.



Hi Myrtie, try deleting the browser cache and rebooting your device to see if that helps.


----------



## pixel (13 February 2017)

Joe Blow said:


> OK, I messed up. Sorry about that 15 minutes of downtime. I'll try again another time.



Whatever you did seems to have worked, thanks Joe 
This morning, I didn't have to log on again. I'm now back to using https:// and Firefox confirms that is indeed secure.


----------



## Joe Blow (13 February 2017)

pixel said:


> Whatever you did seems to have worked, thanks Joe
> This morning, I didn't have to log on again. I'm now back to using https:// and Firefox confirms that is indeed secure.



I'm glad things are back to normal but I'm not sure I know what I'm doing. Last night I tried forcing all HTTP requests to HTTPS and got a server error and 15 minutes of downtime for my trouble. I'll do some more reading and try again next weekend, probably late on a Saturday night when ASF's traffic is at it's lowest level.


----------



## ThingyMajiggy (13 February 2017)

pixel said:


> I didn't make a fuss because I figured, if there were anything uncouth coming from the site, my AVG would take care of it.




It's not really about anything coming from the site, it's really very easy to sniff your credentials when a site is just using HTTP and not HTTPS as it's transmitted in plain text and not encrypted. Your anti-virus would do nothing about it. Just a heads up for those that don't know.


----------



## ThingyMajiggy (13 February 2017)

See what I mean, transmitted in plain text. You'll want to get on that as soon as possible Joe, at least for logging in. Don't login/use ASF on any public wifi or untrusted networks around the place, like at your local coffee shop etc while it's HTTP at least.


----------



## pixel (13 February 2017)

ThingyMajiggy said:


> when a site is just using HTTP and not HTTPS as it's transmitted in plain text and not encrypted.



Thanks for clarifying that 
Nothing to be sniffed out from me. I'm behind my own firewall. Never use public wifis, least of all for banking and trading, but as a matter of principle not posting or blogging either.
Logins are different for every site I use. 
... but I do appreciate your concern and, especially, Joe's efforts to keep us all protected.


----------



## Bill M (14 February 2017)

In the last 24 hours I have returned to ASF at least 5 times and on each occasion I had been logged out and had to sign in again. The last one was 3 minutes ago. And yes I ticked the "stay logged in" tab, just letting you know, cheers.


----------



## Joe Blow (14 February 2017)

Bill M said:


> In the last 24 hours I have returned to ASF at least 5 times and on each occasion I had been logged out and had to sign in again. The last one was 3 minutes ago. And yes I ticked the "stay logged in" tab, just letting you know, cheers.



Hi Bill, apologies for the inconvenience. Try deleting your browser cache and restarting your PC. I was having the same trouble but managed to solve it by using that method.


----------



## Bill M (14 February 2017)

^^Thanks Joe, that worked!^^


----------



## Joe Blow (18 February 2017)

I'll be giving this another shot a little later tonight. Fingers crossed it works this time.


----------



## Joe Blow (18 February 2017)

It appears as though ASF is now finally forcing HTTPS. Is anyone out there experiencing any issues?


----------



## Parse (18 February 2017)

Works fine here Joe.

SSL cert is only until March? Is that something for testing with. When you go to actually purchase one, buy the dirt cheapest you can get. Remember the cert is only the signing authority, it's a way for companies to make money by saying "Oh yeah that website, yeah I can verify that it's a legit website because the guy paid me to auth his ssl key". The actual web server and browser client do the actual work, ssl/encryption etc.


----------



## pixel (18 February 2017)

Joe Blow said:


> It appears as though ASF is now finally forcing HTTPS. Is anyone out there experiencing any issues?



perfect so far.
I didn't notice any difference.


----------



## pixel (21 February 2017)

pixel said:


> I didn't notice any difference.



This morning, I was demoted to a visitor and had to log on anew.
It may well have been because the "stay logged in" period had expired.


----------



## Joe Blow (21 February 2017)

pixel said:


> This morning, I was demoted to a visitor and had to log on anew.
> It may well have been because the "stay logged in" period had expired.



Sorry about that. I upgraded the forum software to the latest version late last night which must have been the reason for it, as I was also logged out this morning and had to log in manually.


----------



## Logique (22 February 2017)

The https protocol is working fine here Joe.  I had to log in again, no problem.

Just noticed that the new software places a small personal avatar next to listed threads that I've posted on in the past, a nice new feature - as is the https


----------



## pixel (22 February 2017)

Logique said:


> The https protocol is working fine here Joe.  I had to log in again, no problem.
> 
> Just noticed that the new software places a small personal avatar next to listed threads that I've posted on in the past, a nice new feature - as is the https



Did you also notice the (faint) little green arrows at the right edge near the bottom? Hover over them and you'll see an up and a down arrow that bring you with a single clisk to top and bottom of the displayed page. Very useful when the scrollbar is very long. :thumbsup:


----------



## Logique (23 February 2017)

pixel said:


> Did you also notice the (faint) little green arrows at the right edge near the bottom? Hover over them and you'll see an up and a down arrow that bring you with a single clisk to top and bottom of the displayed page. Very useful when the scrollbar is very long. :thumbsup:



I hadn't noticed that before, or the 'online now' green triangle at left of page, good features


----------

