Alpha Software Mobile Development Tools:   Alpha Anywhere    |   Alpha TransForm subscribe to our YouTube Channel  Follow Us on LinkedIn  Follow Us on Twitter  Follow Us on Facebook

Announcement

Collapse

The Alpha Software Forum Participation Guidelines

The Alpha Software Forum is a free forum created for Alpha Software Developer Community to ask for help, exchange ideas, and share solutions. Alpha Software strives to create an environment where all members of the community can feel safe to participate. In order to ensure the Alpha Software Forum is a place where all feel welcome, forum participants are expected to behave as follows:
  • Be professional in your conduct
  • Be kind to others
  • Be constructive when giving feedback
  • Be open to new ideas and suggestions
  • Stay on topic


Be sure all comments and threads you post are respectful. Posts that contain any of the following content will be considered a violation of your agreement as a member of the Alpha Software Forum Community and will be moderated:
  • Spam.
  • Vulgar language.
  • Quotes from private conversations without permission, including pricing and other sales related discussions.
  • Personal attacks, insults, or subtle put-downs.
  • Harassment, bullying, threatening, mocking, shaming, or deriding anyone.
  • Sexist, racist, homophobic, transphobic, ableist, or otherwise discriminatory jokes and language.
  • Sexually explicit or violent material, links, or language.
  • Pirated, hacked, or copyright-infringing material.
  • Encouraging of others to engage in the above behaviors.


If a thread or post is found to contain any of the content outlined above, a moderator may choose to take one of the following actions:
  • Remove the Post or Thread - the content is removed from the forum.
  • Place the User in Moderation - all posts and new threads must be approved by a moderator before they are posted.
  • Temporarily Ban the User - user is banned from forum for a period of time.
  • Permanently Ban the User - user is permanently banned from the forum.


Moderators may also rename posts and threads if they are too generic or do not property reflect the content.

Moderators may move threads if they have been posted in the incorrect forum.

Threads/Posts questioning specific moderator decisions or actions (such as "why was a user banned?") are not allowed and will be removed.

The owners of Alpha Software Corporation (Forum Owner) reserve the right to remove, edit, move, or close any thread for any reason; or ban any forum member without notice, reason, or explanation.

Community members are encouraged to click the "Report Post" icon in the lower left of a given post if they feel the post is in violation of the rules. This will alert the Moderators to take a look.

Alpha Software Corporation may amend the guidelines from time to time and may also vary the procedures it sets out where appropriate in a particular case. Your agreement to comply with the guidelines will be deemed agreement to any changes to it.



Bonus TIPS for Successful Posting

Try a Search First
It is highly recommended that a Search be done on your topic before posting, as many questions have been answered in prior posts. As with any search engine, the shorter the search term, the more "hits" will be returned, but the more specific the search term is, the greater the relevance of those "hits". Searching for "table" might well return every message on the board while "tablesum" would greatly restrict the number of messages returned.

When you do post
First, make sure you are posting your question in the correct forum. For example, if you post an issue regarding Desktop applications on the Mobile & Browser Applications board , not only will your question not be seen by the appropriate audience, it may also be removed or relocated.

The more detail you provide about your problem or question, the more likely someone is to understand your request and be able to help. A sample database with a minimum of records (and its support files, zipped together) will make it much easier to diagnose issues with your application. Screen shots of error messages are especially helpful.

When explaining how to reproduce your problem, please be as detailed as possible. Describe every step, click-by-click and keypress-by-keypress. Otherwise when others try to duplicate your problem, they may do something slightly different and end up with different results.

A note about attachments
You may only attach one file to each message. Attachment file size is limited to 2MB. If you need to include several files, you may do so by zipping them into a single archive.

If you forgot to attach your files to your post, please do NOT create a new thread. Instead, reply to your original message and attach the file there.

When attaching screen shots, it is best to attach an image file (.BMP, .JPG, .GIF, .PNG, etc.) or a zip file of several images, as opposed to a Word document containing the screen shots. Because Word documents are prone to viruses, many message board users will not open your Word file, therefore limiting their ability to help you.

Similarly, if you are uploading a zipped archive, you should simply create a .ZIP file and not a self-extracting .EXE as many users will not run your EXE file.
See more
See less

Login page a5w saying not secure

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Login page a5w saying not secure

    I use Zebrahost for my browser grids and mobile apps and lately a login page i created a few years ago is saying not secure to the left of the URL. I have a few clients that wont continue to login to use my app. Is there something i missed with a A5 update or is this a host (zebrahost) issue..

    Thanks

    Keith Erdman
    Ponchatoula LA
    Attached Files

    #2
    Re: Login page a5w saying not secure

    You don't have an SSL cert. It's a little unorthodox to give out your IP address as the link to your site. Have you considered getting a real site with SSL?
    Mike Brown - Contact Me
    Programmatic Technologies, LLC
    Programmatic-Technologies.com
    Independent Developer & Consultant​​

    Comment


      #3
      Re: Login page a5w saying not secure

      Originally posted by filepro View Post
      I use Zebrahost for my browser grids and mobile apps and lately a login page i created a few years ago is saying not secure to the left of the URL. I have a few clients that wont continue to login to use my app. Is there something i missed with a A5 update or is this a host (zebrahost) issue..

      Thanks

      Keith Erdman
      Ponchatoula LA
      Not Zebrahost but Google Chrome which now states "Not Secure" for any site that is not secured with an SSL Certificate. The only way to prevent this as Mike says is to invest in a domain name and an SSL Certificate.
      Glen Schild



      My Blog

      Comment


        #4
        Re: Login page a5w saying not secure

        I have recently run into issues with Safari and Chrome for my site that uses sub-domains. The site is hosted by Zebrahost.

        The main domain comes through fine...but the sub-domains....on the same server with the same SSL certificate are listed as not secure.

        What is interesting is I can visit the sub-domains on my Mac running Windows 10 via Parallels using Chrome and the sub-domains are fine....no messages about security.

        Visiting the same sub-domains on the same machine but on the Mac side.....and the "not secure" message appears.

        Comment


          #5
          Re: Login page a5w saying not secure

          If you purchased a Standard SSL certificate it does not cover subdomains. You need to purchase a Wild Card SSL certificate.

          Comment


            #6
            Re: Login page a5w saying not secure

            Thanks Jay....good advice...but we have a Wild Card SSL (*.domain.com)....so I am not sure what is causing this issue with our sub-domains.

            Comment


              #7
              Re: Login page a5w saying not secure

              Hi Greg,

              Let us know what sub domains are causing the issue and we will look into it.

              There are a few things happening with SSLs lately -

              1. Chrome has been rolling out their browser updates in waves to folks. So some SSLs issued pre ~2017 before DigiCert took over the business from Symantec are now just starting to throw errors. ALL SSL vendors were affected - except Comodo. Chrome's error message that you will encounter if you have a "valid" SSL (as far as expiration date goes) will be something like Error: NET::ERR_CERT_SYMANTEC_LEGACY. This means you need to re-issue the SSL.

              2. Chrome among other browsers are issuing bigger "Non-secure" warnings to those who do NOT have an SSL on their site. Be it an IP address or a domain name. Please remember - in order to have an SSL you need to have a proper FQDN. You cannot get an SSL on an IP address.

              Basically, in 2018 - if you dont have an SSL on your site and are using an IP for users to login - expect 90% of folks visiting the site to go elsewhere.

              Comment


                #8
                Re: Login page a5w saying not secure

                Yup you are going to need to go SSL. Its pretty darn easy.
                Get a domain (DNS) and point whatever you want to call your site at your current IP. If you already have a domain name then you should be able to use a subdomain e.g. subdomain.mydomain.com or myapp.mydomain.co.uk where myapp is the subdomain.

                Then you purchase a SSL certificate, either for that subdomain e.g. myapp.mydomain.co.uk or better still a wildcard for *.mydomain.co.uk. We get our certs from here https://www.ssls.com/

                You may need to generate a certificate request on your server and upload it, or you can just let them generate you a cert.

                Now download the cert from the provider with the private key
                Import this into your server (in IIS this in under the certificates on the root server node)
                Then set your site to use that cert on the right port (in IIS edit the binding for https to use that new *.mydomain.co.uk cert)

                write down all the steps you do to get it working.
                set a calender reminder for 1 month prior to the expiry to renew the cert include the steps you wrote down, circulate it to other people as required e.g. IT team, or someone at the company that actually uses the app. That way if you are hit by a bus the cert might still get renewed.

                Comment


                  #9
                  Re: Login page a5w saying not secure

                  Good comments Nate. We started getting some soft warnings from Chrome about 6 months ago and decided to switch to Entrust (since it appeared that most of the popular cert issuers are commonly owned, so they were all subject to the same Chrome update issues).

                  Entrust is more expensive but also includes a feature/product called Sitelock which is a Malware Scanner. Our Entrust cert cost $699 per year but it is a Wild Card / OV cert (see below).

                  Protection Level
                  domain-validated — LOW
                  organization-validated — MEDIUM
                  extended validation — HIGH

                  One additional tip is to use a CAA (Certification Authority Authorization) record in your DNS listing. This tells the world which issuers are allowed to issue an SSL certificate for your site.

                  From the Wikipedia:
                  "DNS Certification Authority Authorization (CAA) is an Internet security policy mechanism which allows domain name holders to indicate to certificate authorities whether they are authorized to issue digital certificates for a particular domain name. It does this by means of a new "CAA" Domain Name System (DNS) resource record."

                  Comment


                    #10
                    Re: Login page a5w saying not secure

                    Off to add a CAA to my domains.

                    Comment


                      #11
                      Re: Login page a5w saying not secure

                      Great tip on the CAA record Jay.

                      Here's a guide on some common registrars for adding that record on your DNS:

                      https://www.thesslstore.com/knowledgebase/caa-records/

                      Comment


                        #12
                        Re: Login page a5w saying not secure

                        Originally posted by Jonathan Freestone View Post
                        Yup you are going to need to go SSL. Its pretty darn easy.
                        Get a domain (DNS) and point whatever you want to call your site at your current IP. If you already have a domain name then you should be able to use a subdomain e.g. subdomain.mydomain.com or myapp.mydomain.co.uk where myapp is the subdomain.

                        Then you purchase a SSL certificate, either for that subdomain e.g. myapp.mydomain.co.uk or better still a wildcard for *.mydomain.co.uk. We get our certs from here https://www.ssls.com/

                        You may need to generate a certificate request on your server and upload it, or you can just let them generate you a cert.

                        Now download the cert from the provider with the private key
                        Import this into your server (in IIS this in under the certificates on the root server node)
                        Then set your site to use that cert on the right port (in IIS edit the binding for https to use that new *.mydomain.co.uk cert)

                        write down all the steps you do to get it working.
                        set a calender reminder for 1 month prior to the expiry to renew the cert include the steps you wrote down, circulate it to other people as required e.g. IT team, or someone at the company that actually uses the app. That way if you are hit by a bus the cert might still get renewed.
                        Just for clarification... I currently host a web browser application using Alpha Anywhere on my internal office server. I have a domain name that I purchased and utilize DynDNS to point this domain to my internal IP address.

                        Will this above process work for my situation?
                        Will I puchase the SSL Certificate for my purchased domain, even though DynDns redirects it to my internal IP address?

                        Thanks!

                        Comment


                          #13
                          Re: Login page a5w saying not secure

                          yup should work fine

                          DynDNS is just normal DNS with a short Time To Live (TTL) so it updates frequently when your external IP address changes.

                          Comment


                            #14
                            Re: Login page a5w saying not secure

                            Originally posted by Jonathan Freestone View Post
                            Yup you are going to need to go SSL. Its pretty darn easy.
                            Get a domain (DNS) and point whatever you want to call your site at your current IP. If you already have a domain name then you should be able to use a subdomain e.g. subdomain.mydomain.com or myapp.mydomain.co.uk where myapp is the subdomain.

                            Then you purchase a SSL certificate, either for that subdomain e.g. myapp.mydomain.co.uk or better still a wildcard for *.mydomain.co.uk. We get our certs from here https://www.ssls.com/

                            You may need to generate a certificate request on your server and upload it, or you can just let them generate you a cert.

                            Now download the cert from the provider with the private key
                            Import this into your server (in IIS this in under the certificates on the root server node)
                            Then set your site to use that cert on the right port (in IIS edit the binding for https to use that new *.mydomain.co.uk cert)

                            write down all the steps you do to get it working.
                            set a calender reminder for 1 month prior to the expiry to renew the cert include the steps you wrote down, circulate it to other people as required e.g. IT team, or someone at the company that actually uses the app. That way if you are hit by a bus the cert might still get renewed.
                            Jonathan,

                            Thank for this information. I did just as you suggested and was able to easily convert my site to a secure https site.

                            Appreciate the tip!

                            Comment


                              #15
                              Re: Login page a5w saying not secure

                              A secure connection does not mean a secure site

                              Ken

                              Comment

                              Working...
                              X