
Website certificate not trusted

TheATLien
Member | Joined: Oct 8, 2017 | Messages: 64 | Location: ATL, GA

To Whom this may concern,

When accessing the site I'm getting an untrusted certificate error due to a name mismatch with the cert. I would highly suggest that this be addressed with a reissued cert, and if you are going to do this I highly suggest moving to TLS 1.3.

Here is the Qualys Report:
https://www.ssllabs.com/ssltest/analyze.html?d=saddlehunter.com

Due to this, passwords are being sent over an open network and not encrypted. Also, Cross Site Scripting is not being blocked.

I would also highly suggest running the site against a pen-test tool when the changes have been made. The link is to a free online tester.
https://pentest-tools.com/website-vulnerability-scanning/web-server-scanner?run

@redsquirrel
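
The name-mismatch error reported in the post above is raised when the hostname being visited does not match any DNS name listed in the certificate. The following is an added illustration, not part of the original post and not based on the forum's real certificate: the names are constructed, and the function names are hypothetical. It applies the RFC 6125 style rule that a wildcard may only be the whole left-most label and covers exactly one label.

```python
# Added example: hostname-vs-certificate name matching.
# All certificate names below are constructed sample data.

def dns_name_matches(pattern: str, hostname: str) -> bool:
    """Return True if one certificate dNSName covers the hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    # A wildcard never spans several labels, so label counts must agree.
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Refuse overly broad wildcards such as "*.com".
        return len(p) >= 3 and p[1:] == h[1:]
    # Partial wildcards ("w*.example.org") are treated as literals
    # and therefore never match a real hostname.
    return p == h


def check_hostname(hostname: str, san_dns_names: list[str]) -> dict:
    """Report which presented names (if any) cover the hostname."""
    matched = [n for n in san_dns_names if dns_name_matches(n, hostname)]
    return {
        "hostname": hostname,
        "ok": bool(matched),
        "matched": matched,
        "presented": list(san_dns_names),
    }


# Constructed SAN list: certificate issued for "www" and one wildcard only.
SAMPLE_SANS = ["www.example.org", "*.shop.example.org"]

if __name__ == "__main__":
    for host in ("www.example.org", "example.org",
                 "a.shop.example.org", "a.b.shop.example.org"):
        result = check_hostname(host, SAMPLE_SANS)
        status = "match" if result["ok"] else "NAME MISMATCH"
        print(f"{host:24} {status} {result['matched']}")
```

A common cause of the mismatch is the second case: the certificate lists only the `www` name while visitors reach the bare domain, so the reissued certificate needs every hostname the site is served under.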

Google and some other big names are pushing SSL/HTTPS everywhere, which is sort of a PITA for non-big names to implement.

You're complaining about what is more-or-less a nag-screen. So keep in mind the thinking behind what Google et al are saying: don't post anything on saddlehunter you wouldn't want posted on the front page of the New York Times, because it's not secret. Even your local Starbucks network admin could sniff your super-secret saddle details in the milliseconds before it was posted to saddlehunter. Wow.

You should demand HTTPS/SSL from your online bank, but this is AFAIK a hobbyist/enthusiast forum. Much different.

ETA: the HTTPS connection is functional, but there is some other (more complicated) issue with the connection. BFD
 
@sureshotscott

I know what I’m asking of the operator of this site. Security should be paramount in a digital world that we live in.

edited for language
Thank you for your concerns. I will look into it.