Chronology Current Month Current Thread Current Date
[Year List] [Month List (current year)] [Date Index] [Thread Index] [Thread Prev] [Thread Next] [Date Prev] [Date Next]

[Phys-L] Phys-L and HTTPS



All,

Before yesterday, if a web browser asked for a more-secure encrypted
communication to the Phys-L server (using the Hypertext Transfer Protocol
Secure, AKA HTTPS), the public key certificate that was presented to the
browser was self-signed by myself. This certificate is needed to initiate
the secure transfer. Being self-signed, it is not validated by a trusted
third party. Most present-day browsers will warn the user that the
connection may not be trusted fully. This may be disconcerting in the least
and has caused some Phys-L subscribers to not view the archives on a
regular basis.

To alleviate these concerns I began to investigate a low-cost way to have a
public key certificate signed by a trusted third party. I did find a method
to produce a certificate at no cost and was emboldened to pursue this path
upon the recommendation of John Denker, familiar to most, if not all,
Phys-L subscribers. I have now setup up the server to use such a
certificate and I would like to use this on Phys-L going forward. It seems
to be working well on my end, both desktop and mobile, and I would like to
hear if there are any issues with the use of any secure communication to
Phys-L.

To access Phys-L using an encrypted channel, you simply point a browser to
Phys-L using https://www.phys-l.org as the URL. By the way, the method used
to acquire a no-cost certificate is provided by a project called "Let's
Encrypt". More information on this project may be found here:
https://en.wikipedia.org/wiki/Let's_Encrypt .

Cheers and a Happy New Year,
Mark Kimball, Administrator
Phys-L.org