Before yesterday, if a web browser asked for a more-secure encrypted
communication to the Phys-L server (using the Hypertext Transfer Protocol
Secure, AKA HTTPS), the public key certificate that was presented to the
browser was self-signed by myself. This certificate is needed to initiate
the secure transfer. Being self-signed, it is not validated by a trusted
third party. Most present-day browsers will warn the user that the
connection may not be trusted fully. This may be disconcerting in the least
and has caused some Phys-L subscribers to not view the archives on a
regular basis.
To alleviate these concerns I began to investigate a low-cost way to have a
public key certificate signed by a trusted third party. I did find a method
to produce a certificate at no cost and was emboldened to pursue this path
upon the recommendation of John Denker, familiar to most, if not all,
Phys-L subscribers. I have now setup up the server to use such a
certificate and I would like to use this on Phys-L going forward. It seems
to be working well on my end, both desktop and mobile, and I would like to
hear if there are any issues with the use of any secure communication to
Phys-L.
To access Phys-L using an encrypted channel, you simply point a browser to
Phys-L using https://www.phys-l.org as the URL. By the way, the method used
to acquire a no-cost certificate is provided by a project called "Let's
Encrypt". More information on this project may be found here: https://en.wikipedia.org/wiki/Let's_Encrypt .
Cheers and a Happy New Year,
Mark Kimball, Administrator
Phys-L.org