Sight not secure.

Discussion in 'Tips On Using The Board' started by PGSS, Mar 23, 2019.

  1. PGSS

    PGSS Well-Known Member

    I've noticed starting yesterday that this sight is showing me the Not secure red triangle.
    Guy's I am a really stupid with anything laptop. Is this something on my end or did the forum require a new upgrade of some sorts?
     
  2. flynbuick

    flynbuick Super Moderator Staff Member

  3. PGSS

    PGSS Well-Known Member

    Thank you Jim,
    I just saw it pop up for the first time yesterday and didn't think to do some searching on the issue..
     
  4. GS Jim

    GS Jim Platinum Level Contributor

    Every time I come on here I have to sign in and it tells me that I have the wrong password. I have to go through the new password ritual to get signed on.

    Jim (Ponch)
     
  5. TrunkMonkey

    TrunkMonkey Well-Known Member

    Tried to keep it brief, but....

    The password issue is either "stale" (cached web page for the site) or cookies. It has nothing to do with the SSL issue.



    The SSL issue is due to connections using HTTP port 80 rather than HTTPS port 443.

    This website has a correctly applied SSL and certificate. (it is a multi domain SSL and both www.v8buick.com and v8buick.com are valid and either are considered used in the examples below)

    If you are connecting using "http://v8buick.com" you likely will see the message.
    If you use "https://v8buick.com" you should not see the message.

    If you see the message when using "https" then you can look up the method for adding this (and other sites)SSL certificate to your browser by googling "How to add a trusted CA certificate to "browser name" (Firefox, Opera, Chrome, Safari, IE, etc).

    SSL (Secure Sockets Layer) is part of the TCP/IP protocol that is used to secure the data sent between a client (your computer) and the website (the server where V8Buick.com is running).

    SSL encrypts that traffic. Think of it as scrambled information to anyone who might get access to it in the "pipe/cloud" between the client and server during "communications". All traffic that is not encrypted is passing through the internet as "plain text" and can be read like this post. Encrypted traffic (plain text in bold and the encrypted is in bold italics) will look like this:

    This is encrypted text.

    EnCt2d1841d421f1fedbd41c54f7c968416fd9ba172a0d1841d421f1fedbd41c54f7cGkCkEE6faQN
    pMBRkllzlteY6E+oySGLBhes/hQ82uSP0YBxfGQ==IwEmS

    The SSL certificate uses "keys" on both ends that are used to encrypt and decrypt the traffic. Most sites use various "cyphers" and "bit length" (think strength) for encryption. (This is generalized and simplified, the "use" of encryption is very complex as it becomes more and more secure in its application.)

    Internet browsers have begun using SSL checking of sites and "warning" people of sites or sessions that are not secure. Many reasons for the SSL error exist, and too much detail to go into here.

    But, the only thing that is compromised during a session is the information in that session.

    Information already present on the server is not relevant to the issue, only the actual information passed between server and client during the active session.

    Now, "saved password" feature of your browser puts your username/password at risk because it may transmit that when you start a new interaction with the server, or log out when you close (like banks and other sites that auto close out/log you off when you leave or after periods of inactivity.)

    Hope that helps.
     

Share This Page