Help Me Test SSL on PowerShell.org
I’d appreciate your help in testing HTTPS/SSL here on PowerShell.org. Right now, it’s “voluntary,” meaning you have to explicitly ask for https://powershell.org. If you have any problems, please note them in a comment on this article.
Some notes and known problems:
- Most pages will not show the “lock” address bar icon in your browser, because we’re delivering mixed content. For example, the site logo is being hardcoded as http:// by some Javascript in our theme, which I need to sort out.
- Your connection will be to CloudFlare, which is who issued the certificate you’ll see. We’ve also SSL’d the traffic between them and our server using a DigiCert SSL certificate. We’re also going to enable client certificate authentication, so our server will only deliver content to CloudFlare, which then delivers it to you. That’s ahead.
I think we can solve the mixed-content problem by forcing HTTPS, which is easy, but I want to make sure it’s otherwise working before taking that step. We already have a WordPress plugin in place that’s rewriting http:// or https:// with just // in URLs, but there’re a couple of places where that plugin isn’t able to help, and that’s why we’re delivering mixed content still.
I’ll point out that this is mainly a bonus-points project; because almost everyone logs into the site using an external account, we don’t store many passwords (and thus don’t transmit them in the clear or otherwise). We don’t store or transmit any other personally identifiable information. Still, SSL has some other benefits, and it shouldn’t hurt to have it on, so we’re giving it a shot.
Thanks!
UPDATES 15 June 2016
- The Lock icon in browser address bars should be working; we’ve fixed the mixed-content issues I’ve found.
- We’re forcing HTTPS.
- We use CloudFlare; you’re getting SSL from you to them, and they’re getting (forced) SSL from them to us.
- We’re getting an “A” from SSLLabs and SecurityHeaders.io - thanks for that suggestion, Paal. CloudFlare doesn’t let us implement every security header yet, but we’ve got most of the recommended ones.
Related Articles
PowerShell + DevOps Global Summit 2025: Call for Papers Now Open!
PowerShell + DevOps Global Summit 2025: Call for Papers Now Open! Calling all innovators, problem-solvers, and thought leaders in the PowerShell and DevOps realm! The stage is set for the most anticipated event of 2025, and we want you to be a part of it. The PowerShell + DevOps Global Summit 2025 is now accepting session proposals, and this is your moment to shine. From April 7-10, 2025, in Bellevue, WA, the brightest minds in automation and DevOps will converge to share knowledge, challenge the status quo, and push the boundaries of what’s possible.
OnRamp2024 Program Unveiled
Navigating the Path to Proficiency: PowerShell + DevOps OnRamp2024 Program Unveiled Introduction The PowerShell + DevOps Global Summit proudly announces the OnRamp Program for 2024 to foster inclusivity and provide opportunities for aspiring IT professionals. This initiative is designed to be a bridge for those looking to enter the PowerShell and DevOps arena, offering a guided onboarding experience that aims to empower individuals with the skills and knowledge needed to thrive in this dynamic industry.
PowerShell + DevOps Global Summit 2024
[vc_row][vc_column][vc_column_text] We have had a lot of questions regarding the dates and location for the 2024 edition of the PowerShell + DevOps Global Summit. The team has been working hard to ensure we deliver the best possible experience for our attendees. We are pleased to return to Bellevue, WA, April 8-11, 2024, to the beautiful Meydenbauer Center and our new partner hotel, the Courtyard by Marriott. Some of you may remember the Courtyard from previous years.