- Reaction score
- 184
- Points
- 1,210
Folks,
Over the coming days and weeks, you will notice a few changes to the site, as we move incrementally to a more secure model. The first change you will notice is that the site URL for the forums is changing. While the old "forums.army.ca" will still work for the foreseeable future, the new default will be to drop the leading "forums" subdomain. This is a minor change on the surface, but with far-reaching impact as we have been operating as "forums.army.ca" for a very (very) long time.
This change was made to consolidate the "forums" onto the same hostname as the rest of the site. The content and hosting remains the same, it's more or less a cosmetic change. With this done, the existing SSL certificate can be used to protect forum data. (Under the previous setup, we would need to purchase a second certificate - or a more expensive variant - to protect the extra subdomain.)
The long term goal then is to have SSL encryption enabled for the site by default, providing better overall security for account information, personal messages and all other content. I will be making changes incrementally, so it won't be immediate and (too) drastic, but will get us there in a reasonable timeframe.
Now those Navy, Air Force and Milnet folks will be asking "what about me?" The unfortunate answer is that while your URLs will also be changing (losing the forums. prefix) you won't be getting SSL in the immediate term. That would require the purchase of 3 more certificates each year, at about $100 a pop. So, I'm going to show my bias here and stick with securing Army.ca only. For those who want to make use of the SSL connection, you'll have to do it on the green side of things, I'm afraid.
So, where are we now? The SSL certificate is installed and the forums. hosts collapsed, but SSL is not the default. It is ready to test, which you can do by simply changing HTTP to HTTPS in your URL. For example:
http://army.ca/forums
Becomes...
https://army.ca/forums
There are still some issues that will need to be resolved... some site content will try to load over http even when you requested https, and that will cause issues. I will pick away at these over time and when everything is "good" SSL will become the new default.
In the meantime, if anyone has issues, please let me know.
Thanks
Mike
P.S. As a sidenote, for those following Heartbleed, we are patched and all key material has been regenerated from scratch.
Over the coming days and weeks, you will notice a few changes to the site, as we move incrementally to a more secure model. The first change you will notice is that the site URL for the forums is changing. While the old "forums.army.ca" will still work for the foreseeable future, the new default will be to drop the leading "forums" subdomain. This is a minor change on the surface, but with far-reaching impact as we have been operating as "forums.army.ca" for a very (very) long time.
This change was made to consolidate the "forums" onto the same hostname as the rest of the site. The content and hosting remains the same, it's more or less a cosmetic change. With this done, the existing SSL certificate can be used to protect forum data. (Under the previous setup, we would need to purchase a second certificate - or a more expensive variant - to protect the extra subdomain.)
The long term goal then is to have SSL encryption enabled for the site by default, providing better overall security for account information, personal messages and all other content. I will be making changes incrementally, so it won't be immediate and (too) drastic, but will get us there in a reasonable timeframe.
Now those Navy, Air Force and Milnet folks will be asking "what about me?" The unfortunate answer is that while your URLs will also be changing (losing the forums. prefix) you won't be getting SSL in the immediate term. That would require the purchase of 3 more certificates each year, at about $100 a pop. So, I'm going to show my bias here and stick with securing Army.ca only. For those who want to make use of the SSL connection, you'll have to do it on the green side of things, I'm afraid.
So, where are we now? The SSL certificate is installed and the forums. hosts collapsed, but SSL is not the default. It is ready to test, which you can do by simply changing HTTP to HTTPS in your URL. For example:
http://army.ca/forums
Becomes...
https://army.ca/forums
There are still some issues that will need to be resolved... some site content will try to load over http even when you requested https, and that will cause issues. I will pick away at these over time and when everything is "good" SSL will become the new default.
In the meantime, if anyone has issues, please let me know.
Thanks
Mike
P.S. As a sidenote, for those following Heartbleed, we are patched and all key material has been regenerated from scratch.
