Login ProductsSalesSupportDownloadsAbout |
Home » Technical Support » Elevate Web Builder Technical Support » Support Forums » Elevate Web Builder General » View Thread |
Messages 1 to 5 of 5 total |
How To Login Securely Without HTTPS? |
Sun, Nov 20 2016 7:16 PM | Permanent Link |
Frederick Chin | When I login into Elevatesoft's web site, I do not see the use of HTTPS to secure my user name and password.
How do I achieve the same result with EWB without using Stunnel? I do not like to use Stunnel because I keep getting an "Invalid certificate" message from the browser and it is both annoying and unprofessional looking. Frederick |
Mon, Nov 21 2016 3:55 AM | Permanent Link |
Matthew Jones | Frederick Chin wrote:
> When I login into Elevatesoft's web site, I do not see the use of HTTPS to secure my user name and password. > > How do I achieve the same result with EWB without using Stunnel? I do not like to use Stunnel because I keep getting an "Invalid certificate" message from the browser and it is both annoying and unprofessional looking. The Elevate web site is not secure at all, so that's why you don't see it. The fix for your certificate issue is to get a certified one. You can either buy one, or get one "free" from somewhere like Let's Encrypt letsencrypt.org. I quote the free because there is effort involved, which is designed to be automated. There are scripts available for lots of systems and you can code it yourself, but it may be too much for some. Some of the commercial vendors are doing short term free certificates to compete. If you are getting into this, I also recommend buying a wildcard certificate. It is about 2.5 times the price, but you can use it all over for testing etc. So I have on our DNS server a number of test hosts, like test1.mydomain.com which maps to a local only IP number (like 192.168.1.111), which is a test VM I use. This means that I can connect to the "server" running in the IDE, using a domain that is fully validated. No more annoying certificate warnings. -- Matthew Jones |
Mon, Nov 21 2016 12:00 PM | Permanent Link |
Tim Young [Elevate Software] Elevate Software, Inc. timyoung@elevatesoft.com | Matthew,
<< The Elevate web site is not secure at all, so that's why you don't see it. >> Whoa, hold on a second. The user profile login process isn't secured (that's changing soon, BTW), but all e-commerce functions are 100% secure and we get an A- from the Qualys SSL tests: https://www.ssllabs.com/ssltest/ on our SSL implementation. Tim Young Elevate Software www.elevatesoft.com |
Mon, Nov 21 2016 3:11 PM | Permanent Link |
Matthew Jones | Tim Young [Elevate Software] <timyoung@elevatesoft.com> wrote:
> Matthew, > > << The Elevate web site is not secure at all, so that's why you don't see it. >> > > Whoa, hold on a second. The user profile login process isn't secured > (that's changing soon, BTW), but all e-commerce functions are 100% secure > and we get an A- from the Qualys SSL tests: > > https://www.ssllabs.com/ssltest/ > > on our SSL implementation. > > Tim Young > Elevate Software > www.elevatesoft.com > > Apologies - I was incomplete in my answer and just referring to the part referred to in the original. -- Matthew Jones |
Tue, Nov 22 2016 2:04 AM | Permanent Link |
Frederick Chin | "Matthew Jones" wrote:
/* The fix for your certificate issue is to get a certified one. You can either buy one, or get one "free" from somewhere like Let's Encrypt letsencrypt.org. I quote the free because there is effort involved, which is designed to be automated. There are scripts available for lots of systems and you can code it yourself, but it may be too much for some. Some of the commercial vendors are doing short term free certificates to compete. */ I think I will try the Let's Encrypt option first and see how things turn out since I need to make some effort anyway because the web server is not hosted on shared hosting sites where someone can install it for me. /* If you are getting into this, I also recommend buying a wildcard certificate. It is about 2.5 times the price, but you can use it all over for testing etc. So I have on our DNS server a number of test hosts, like test1.mydomain.com which maps to a local only IP number (like 192.168.1.111), which is a test VM I use. This means that I can connect to the "server" running in the IDE, using a domain that is fully validated. No more annoying certificate warnings. */ I can live with the warnings when I am testing the application but it is when they appear when the client uses it live that causes embarrassing answers to be given. Frederick |
This web page was last updated on Friday, September 13, 2024 at 03:42 PM | Privacy PolicySite Map © 2024 Elevate Software, Inc. All Rights Reserved Questions or comments ? E-mail us at info@elevatesoft.com |