Heartbleed and discussions.agilebits.com

Calion
Community Member

https://watchtower.agilebits.com/check?h=discussions.agilebits.com should tell you everything I want to say here. I would think that this site would want to be a good citizen as far as Heartbleed information goes. Why is there so little information on this page?

Comments

  • Jasper

    Hi Jim,

    Watchtower is correct in reporting that the certificate can't be verified. In terms of Heartbleed, it is all fixed. But in terms of general certificate configuration there is another problem that we need to straighten out and that Watchtower is correctly warning you about.

    The current situation with SSL certificates and discussions.agilebits.com is, well, less than ideal. (This will change soon.) Our discussion forums are hosted by Vanilla Forums. We've "outsourced" the hosting of the forums so we can focus on what we love to do. So the SSL certificate that you see for discussions.agilebits.com is actually for *.vanillaforums.com. Your browser should actually warn you about a hostname mismatch.

    Now you can also select the 'Always trust '*.vanillaforums.com' when connected to "discussions.agilebits.com"' box, so that you don't see this sort of warning each time. But these warnings do, in general, matter. So Watchtower will not "approve" a certificate if it doesn't appear to be the right certificate for the domain.

    We're currently working with Vanilla to get a new SSL certificate for discussions.agilebits.com. Once that is complete, you will stop seeing the host mismatch warning when connecting to https://discussions.agilebits.com and see Watchtower saying that the certificate looks good.
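
The hostname mismatch described in the comment above, as an added example that is not part of the original thread and is not Watchtower's or any browser's code: a simplified RFC 6125-style check of a certificate's DNS names against the host the client asked for. The certificate name list and the hostname forum.vanillaforums.com are constructed for illustration; IP addresses and internationalized names are not handled.

```python
# Added example: simplified certificate hostname matching (RFC 6125 style).
# Real TLS libraries do this for you; this shows why the forum's certificate
# fails for discussions.agilebits.com.

def _labels(name):
    """Lower-case a DNS name, drop a trailing dot, split into labels."""
    return name.rstrip(".").lower().split(".")

def name_matches(pattern, hostname):
    """Return True if one certificate DNS name covers the requested hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in p + h:
        return False                      # label counts differ or empty label
    if any("*" in label for label in h):
        return False                      # a requested hostname is never a wildcard
    if any("*" in label for label in p[1:]):
        return False                      # wildcard allowed only in leftmost label
    if p[0] == "*":
        # "*" stands for exactly one label, and "*.com" style names are refused
        return len(p) >= 3 and p[1:] == h[1:]
    if "*" in p[0]:
        return False                      # partial wildcards ("f*o") not accepted here
    return p == h

def check_certificate(cert_dns_names, hostname):
    """Report which certificate names, if any, cover the hostname."""
    matched = [n for n in cert_dns_names if name_matches(n, hostname)]
    return {"hostname": hostname, "verified": bool(matched), "matched": matched}

# Constructed sample: the thread says the served certificate is for
# *.vanillaforums.com while the site is reached as discussions.agilebits.com.
SERVED_CERT_NAMES = ["*.vanillaforums.com"]

if __name__ == "__main__":
    for host in ("discussions.agilebits.com", "forum.vanillaforums.com"):
        result = check_certificate(SERVED_CERT_NAMES, host)
        status = "verified" if result["verified"] else "NOT verified (hostname mismatch)"
        print(f"{host}: {status}")
```
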

  • Jasper

    You're welcome! Watchtower is in fact correctly reporting the status of the forum at the moment, even though that "Not verified" status is not ideal. Hopefully we can get that changed soon! :)

This discussion has been closed.