Community.openproducts.com has invalid certificate
Posted: Wed Oct 01, 2014 4:23 pm
When I first registered to the community.openproducts.com I noticed it sent me an email in clear text, so of course I wanted to change the password. I logged in and to my great surprise the site was NOT protected by TLS. I would have expected that product that is really for privacy would protect all information with TLS, so I simply edited the http -> https on the url, and noticed, yes there is TLS, but the certificate is not for this community.openproducts.com, but a wildcard cert for loopiasecure.com.
Knowing that proper certificates trusted by browsers cost less $10 per year (for example gogetssl sells some comodo certs for $6 / year), it would be better to get proper certificate for the community.openproducts.com and make sure the forums are redirected to the TLS by default.
Knowing that proper certificates trusted by browsers cost less $10 per year (for example gogetssl sells some comodo certs for $6 / year), it would be better to get proper certificate for the community.openproducts.com and make sure the forums are redirected to the TLS by default.