Announcement

Collapse

The Alpha Software Forum Participation Guidelines

The Alpha Software Forum is a free forum created for Alpha Software Developer Community to ask for help, exchange ideas, and share solutions. Alpha Software strives to create an environment where all members of the community can feel safe to participate. In order to ensure the Alpha Software Forum is a place where all feel welcome, forum participants are expected to behave as follows:
  • Be professional in your conduct
  • Be kind to others
  • Be constructive when giving feedback
  • Be open to new ideas and suggestions
  • Stay on topic


Be sure all comments and threads you post are respectful. Posts that contain any of the following content will be considered a violation of your agreement as a member of the Alpha Software Forum Community and will be moderated:
  • Spam.
  • Vulgar language.
  • Quotes from private conversations without permission, including pricing and other sales related discussions.
  • Personal attacks, insults, or subtle put-downs.
  • Harassment, bullying, threatening, mocking, shaming, or deriding anyone.
  • Sexist, racist, homophobic, transphobic, ableist, or otherwise discriminatory jokes and language.
  • Sexually explicit or violent material, links, or language.
  • Pirated, hacked, or copyright-infringing material.
  • Encouraging of others to engage in the above behaviors.


If a thread or post is found to contain any of the content outlined above, a moderator may choose to take one of the following actions:
  • Remove the Post or Thread - the content is removed from the forum.
  • Place the User in Moderation - all posts and new threads must be approved by a moderator before they are posted.
  • Temporarily Ban the User - user is banned from forum for a period of time.
  • Permanently Ban the User - user is permanently banned from the forum.


Moderators may also rename posts and threads if they are too generic or do not property reflect the content.

Moderators may move threads if they have been posted in the incorrect forum.

Threads/Posts questioning specific moderator decisions or actions (such as "why was a user banned?") are not allowed and will be removed.

The owners of Alpha Software Corporation (Forum Owner) reserve the right to remove, edit, move, or close any thread for any reason; or ban any forum member without notice, reason, or explanation.

Community members are encouraged to click the "Report Post" icon in the lower left of a given post if they feel the post is in violation of the rules. This will alert the Moderators to take a look.

Alpha Software Corporation may amend the guidelines from time to time and may also vary the procedures it sets out where appropriate in a particular case. Your agreement to comply with the guidelines will be deemed agreement to any changes to it.



Bonus TIPS for Successful Posting

Try a Search First
It is highly recommended that a Search be done on your topic before posting, as many questions have been answered in prior posts. As with any search engine, the shorter the search term, the more "hits" will be returned, but the more specific the search term is, the greater the relevance of those "hits". Searching for "table" might well return every message on the board while "tablesum" would greatly restrict the number of messages returned.

When you do post
First, make sure you are posting your question in the correct forum. For example, if you post an issue regarding Desktop applications on the Mobile & Browser Applications board , not only will your question not be seen by the appropriate audience, it may also be removed or relocated.

The more detail you provide about your problem or question, the more likely someone is to understand your request and be able to help. A sample database with a minimum of records (and its support files, zipped together) will make it much easier to diagnose issues with your application. Screen shots of error messages are especially helpful.

When explaining how to reproduce your problem, please be as detailed as possible. Describe every step, click-by-click and keypress-by-keypress. Otherwise when others try to duplicate your problem, they may do something slightly different and end up with different results.

A note about attachments
You may only attach one file to each message. Attachment file size is limited to 2MB. If you need to include several files, you may do so by zipping them into a single archive.

If you forgot to attach your files to your post, please do NOT create a new thread. Instead, reply to your original message and attach the file there.

When attaching screen shots, it is best to attach an image file (.BMP, .JPG, .GIF, .PNG, etc.) or a zip file of several images, as opposed to a Word document containing the screen shots. Because Word documents are prone to viruses, many message board users will not open your Word file, therefore limiting their ability to help you.

Similarly, if you are uploading a zipped archive, you should simply create a .ZIP file and not a self-extracting .EXE as many users will not run your EXE file.
See more
See less

HTTPS issues

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • HTTPS issues

    My website has recently developed some issues with it's security setup.

    I am consistently getting security errors on several pages of my Alpha Server. However, when the pages do load, the security appears fine. It gives a solid lock.

    If I check the server rating I get an A.

    It acts as if sometimes it is simply not connecting properly with the servers in charge of checking the security in the first place.

    This is ONLY happening in Edge and Firefox. Chrome does not seem to be having an issue.

    During the summer our website is not even busy, so it's not too much traffic.

    Anyone else experiencing issues with HTTPS recently?

  • #2
    Re: HTTPS issues

    I would look into the issuer of the cert as a source of unreliability, who is the issuer of the cert? are you getting a specific error?
    NWCOPRO: Nuisance Wildlife Control Software My Application: http://www.nwcopro.com "Without forgetting, we would have no memory at all...now what was I saying?"

    Comment


    • #3
      Re: HTTPS issues

      The site is hosted on ZebraHost. They setup the certificate and they have tested it for me today. The certificate is from RapidSSL RSA CA 2018.

      If you want to take a look yourself, it is easytrack.us

      Like I've said it doesn't ALWAYS give an error, but it's happening often enough to be concerning.

      Comment


      • #4
        Re: HTTPS issues

        I was able to duplicate your error. What I think is happening is that when the URL is being called, it is sometimes calling a resource which is unsecured (such as an api or library call). You could always reissue the cert and hopefully remove that as a potential cause, then start analyzing your external calls. Sometimes you can have a local resource be called if an external resource isn't available, and sometimes the local resource url isn't fully qualified. Just a thought.

        Comment


        • #5
          Re: HTTPS issues

          I thought of that, but ….

          If it was calling any unsecured resources, wouldn't that show up in the JavaScript console? I've looked and not seen anything like that.

          This is a site that has been up for about 8 years btw. This is an issue that has only recently been reported.

          I am not on the latest version of Alpha, but my version is not very old either.

          Comment


          • #6
            Re: HTTPS issues

            I believe RapidSSL is owned by DigiCert now. I know they had some Root certificate updates. Is your cert using the right chain? Maybe it is hitting an old root cert. We had an issue with Citrix Receiver that they issued a patch for the root certs.
            Never take a ride to the edge of your mind unless you've got a ticket back - Jon Oliva - Savatage.

            Comment


            • #7
              Re: HTTPS issues

              I will ask ZebraHost to do a complete reissue of the SSL and see if that fixes the issue.

              I'll let you know once that is completed.

              Comment


              • #8
                Re: HTTPS issues

                How do you duplicate the error? I loaded your login page and the new user page many times using Firefox 68.0.2 and never got a security error. I cannot test with Edge because I am on Windows Server 2016.

                Is your client up to date on all Windows updates? TLS negotiation is dependent on the client and server having matching ciphers, so a missing update on the client could also lead to this type of problem.

                Lenny Forziati
                Vice President, Internet Products and Technical Services
                Alpha Software Corporation

                Comment


                • #9
                  Re: HTTPS issues

                  It happens mostly (and frequently) in Edge. In Firefox it happens much less often and is actually much better since the reissue of the certificate. And yes, the client is up to date. And unfortunately, that doesn't matter, because the client for most of those pages is the general public.

                  I will try the ciphers tonight, just to be safe and report back tomorrow.

                  Comment


                  • #10
                    Re: HTTPS issues

                    So, I have reset the ciphers, reissued the certificate and still I am getting security errors on Edge.

                    I am getting security errors even on pages that have almost nothing on them. (Like the login page.)

                    And the errors are intermittent. I mean, if the site was truly insecure, shouldn't it report as insecure every time? But you can actually visit 3 or 4 pages sometimes before getting an error, then you can refresh and the error goes away.

                    This site has been running fine for YEARS and it's only developed this issue about a month ago, maybe a little longer - the summer is really slow for us. I have not updated or changed the Alpha server in that time - though I have made plenty of site improvements.

                    I am out of ideas here - Is no one else having this issue accessing their site with Edge?

                    Comment


                    • #11
                      Re: HTTPS issues

                      Your login page is trying to get a logo from a different web site:

                      https://www.studentadventures.org/images/logo.png

                      Comment


                      • #12
                        Re: HTTPS issues

                        That is true, thank you. I fixed that now. Still getting a security error. I would think that a bad link would show no image (which was happening) or show an error image, but it shouldn't cause the site to register as insecure.

                        The Student Adventures .org site it was referencing is not having any security issues, and unfortunately, it has a spot which is referencing the same incorrect file. (Which I will get fixed next …)

                        Is there any easy way to find all bad links on a page? I usually just look in the console, but it wasn't showing that link I think because it was a background image in a CSS file. How did YOU find it?

                        Comment


                        • #13
                          Re: HTTPS issues

                          I just tried your login page in both Chrome and Edge. I don't have any security problems in either. Where are you seeing these problems?
                          Mike Brown - Contact Me
                          Programmatic Technologies, LLC
                          Programmatic-Technologies.com
                          Independent Developer & Consultant

                          Comment


                          • #14
                            Re: HTTPS issues

                            Larry,
                            In Edge, I turned on Developer Tools and went to the "Network" tab instead of the "Console" tab, before navigating to the web site.

                            I think browsers are going to become more and more picky about security and loading resources from different domains, especially when both domains specify "https". It is a lot of work for the browser and server to negotiate what security algorithm they are going to use for TLS or SSL. In a page that loads resources from multiple "https" sites, I don't know what the browsers are going to start doing when the sites have differing levels of TLS and SSL support, you know, all that Cipher list stuff.

                            Comment


                            • #15
                              Re: HTTPS issues

                              Larry,
                              You might also check what is going on with "index.a5w".

                              It shows status code "302 / Found" in the "Network" tab in Dev Tools. I would expect it to not even show up in that tab, yet. Check the Alpha server, default page settings, maybe?

                              Comment

                              Working...
                              X