Site Notes

Update to HTTPS on Raise the Hammer

By Ryan McGreal
Published February 06, 2012

Raise the Hammer now has its own SSL Certificate for Secure HTTP connections to the site, using the free StartSSL certification service by StartCom.

This means you should no longer get scary security warnings from your browser if you use HTTPS instead of plain HTTP to browse RTH.

When you view RTH pages using HTTPS instead of HTTP, all content transmitted over the internet between your computer and the web server is first encrypted instead of being sent in plain text. This makes it much more difficult for a malicious third party to intercept the data and read it as it travels across the network.

This change is part of our ongoing efforts to make your use of RTH more secure.

Background

Last March, RTH introduced the ability to access the site using the HTTPS protocol. An HTTPS connection (rather than an HTTP connection) means any data transmitted between your computer and the web server (like your username and password) is encrypted so that other people cannot see your login and hijack your user account.

The drawback to that earlier method is that it used the SSL certificate of our hosting provider, Webfaction.

As a result, if you used https to connect to the site, some browsers would issue a security warning that the domain name on the certificate - webfaction.com - did not match the domain name of this site - raisethehammer.org.

Using an SSL Certificate that is specifically dedicated to raisethehammer.org alleviates this issue.

The free StartSSL service does not include an Extended Validation Certificate, so your browser's location bar will not turn green when you connect via HTTPS. However, pages should load without any certificate warnings, and you will enjoy the security benefits of an encrypted connection to the site.

Notes

Ryan McGreal, the editor of Raise the Hammer, lives in Hamilton with his family and works as a programmer, writer and consultant. Ryan volunteers with Hamilton Light Rail, a citizen group dedicated to bringing light rail transit to Hamilton. Ryan writes a city affairs column in Hamilton Magazine, and several of his articles have been published in the Hamilton Spectator. He also maintains a personal website and has been known to post passing thoughts on Twitter @RyanMcGreal. Recently, he took the plunge and finally joined Facebook.

4 Comments

View Comments: Nested | Flat

Read Comments

[ - ]

By private guy (anonymous) | Posted February 06, 2012 at 12:48:33

Note that installing HTTPS everywhere will not result in the use of the HTTPS version of this site until you write and add rule for it, no time to show that right now by maybe Ryan will post one (Hint).

Thanks for adding this feature to the site Ryan.

Permalink | Context

By Ryan (registered) - website | Posted February 06, 2012 at 13:14:28 in reply to Comment 73743

maybe Ryan will post one (Hint)

The EFF has instructions on how to do it. Thanks for mentioning this!

Permalink | Context

[ - ]

By Undustrial (registered) - website | Posted February 06, 2012 at 20:23:15

On a slightly related note I recently tried to check out the Dissidents Hamilton facebook page and wasn't allowed since I don't have an account.

Good work.

Permalink | Context

[ - ]

By WRCU2 (registered) | Posted February 12, 2012 at 05:38:46

Ryan claims:

pages should load without any certificate warnings,

I thought IT might be clever as hot hell to have my old hammer bot use this new SSL although I wasn't too keen of which protocol: TLSv1, SSLv2 or SSLv3, but when I scripted for an auto encrypted socket this is all that was returned to me:

wrcu2:$ sh RC
--2012-02-12 04:43:46-- https://raisethehammer.org/comments/
Resolving raisethehammer.org... 174.133.21.86
Connecting to raisethehammer.org|174.133.21.86|:443... connected.
ERROR: cannot verify raisethehammer.org's certificate, issued by '/C=US/O=GeoTrust, Inc./CN=RapidSSL CA':
Unable to locally verify the issuer's authority.
ERROR: certificate common name '*.webfaction.com' doesn't match requested host name `raisethehammer.org'.
To connect to raisethehammer.org insecurely, use '--no-check-certificate'.
Unable to establish SSL connection.
grep: index.html: No such file or directory

Ryan also ensures:

you will enjoy the security benefits of an encrypted connection to the site.

Security benefits eh, what about privacy? Every single page at RTH contains a small piece of JavaScript from google-analytics.com and 75% of all websites on the Internet use the infamous ga.js code. Google can track users everywhere they go with this itty bitty script and as for the false sense of security, I can find no joy in any of IT.

Comment edited by WRCU2 on 2012-02-12 05:40:04

Permalink | Context

View Comments: Nested | Flat

Post a Comment

You must be logged in to comment.

Events Calendar

Recent Articles

Article Archives

Blog Archives

Site Tools

Feeds