Website Not Secure?

Thought I’d bring this to the attention of the Topaz team.

While I was logged in successfully and replying to a post I happened to notice a Red text message in the browser header … website not secure… I was going to do a screen grab but hit the refresh button instead and it returned to normal… displaying_discuss. topazlabs.com

I wish I had done a screen grab but thought maybe Topaz should check it out on their end?
I have never seen this before… ever? Has anyone else come across this today?

Could it just be a glitch of some kind?

It just happened again while sending @JoeFedric-TL an invite to this post?

Here is the screen grab… look at the top header?

I think the message depends on your browser as the Forum site isn’t encrypted.

1 Like

I had the same trouble this morning where the alert was that the certificate was not valid. As I’m posting now I am not getting any alerts.

1 Like

Thanks @AiDon and @fvanderb for your feedback.

Firefox is reporting the same certificate error as yesterday morning.
See screenshot below.

My reply above was via email and I did not add the exception. This reply is via a second visit to discuss and I did not have a certificate error. I think Topaz switches servers during the day and one of them has a certificate error while the other does not. I know this because I get double entries on my feed reader for the same topic and one I can access while the other I can not.

We don’t force https by default on the server, which is why the connection security error is displayed. Many browsers are now showing this at all times, when you connect through http. I still haven’t had a chance to put the forums on my priority list, but that time should actually be coming very soon. We have major changes planned for the Topaz user experience on the main site, which will dominate my time for the next few weeks. Once that is over, though, I’ll be going through the various online presences we have like these forums, and correcting errors anywhere that I see them.

The feed reader/RSS links are actually delivering the Amazon EC2 instance URI, which is creating the “double” links in the email. This is one of a few bugs I have on my list to be corrected.

The use of https and our trusted SSL Certification will be updated when that happens, as well. It’s worth it to note that you can connect through https, if you want to. The only reason you’re seeing this invalid security certificate error is because the SSL certificate is self-signed (meaning we created the cert, not a “trusted authority” like Comodo, Symantec, and Digicert). Basically, the idea is that you should never trust an SSL certificate created by someone you don’t know. However, I can assure you that our SSL cert is safe – we created it. The browser only knows to throw the warning because we signed it ourselves, which is often a sign that a site has been compromised. Again, however, I can confirm that the forums have not been compromised, though we do not use https, which means we don’t actually leverage the SSL cert that much.

Regarding the use of http vs https, in the context of login information, it’s worth it to note that the forums use a Single Sign On (SSO) provider to log you in, and that provider is the main Topaz Labs website, which IS forced-https, and DOES have a valid/trusted SSL certificate.

I hope this clarifies, for anyone that was able to follow my response so far =]

4 Likes

Thanks @JoeFedric-TL for clarifying the concerns about this info being displayed.

I think I did notice an Amazon address once when I downloaded a posters image? When clicking download, I remember it taking me to an Amazon page?

The reason we do this is related to the forum data loss last year. Instead of storing all our images in the same place as the forum software, we are storing the images in a totally different place, in Amazon S3 storage. The discourse software that runs the forum itself is stored on an Amazon EC2 VPS (Virtual Private Server) instance. We completely control the hosting now, so the total data loss shouldn’t happen again. However, the way we configured Discourse this go-round made it a bit more difficult to keep updated, which is why several of these problems have not yet been addressed. My role will change a bit over the coming weeks, and the problems that have existed on the forums will become exclusively my domain to address. That will mean I’ll be able to turn my focus there. Of course, that means I’ll have less time to devote to support, but I can only be in so many places at once =P

4 Likes

What I have found is that I often get this message if I access User Forums through the program. I am then completely blocked from going further with through Safari and Firefox.
However, if I go out of the Studio program and access Forums directly thriugh the Studio website it doesnt appear.
Happened again just now.

I just now noticed this but in the upper left corner of the address bar in big red letters it states: NOT SECURE.
Is this just my computer?
Notice the screenshot.

It seems so. It looks like a message displayed by some security/anti-virus software. What are you using? Do you only see this on the Topaz forum?

It’s been like that for quite some time now:

Here is an explanation April 23,