TNG Community

TNG - SSL Certificate necessary?


tngweb
3 hours ago, tngrlkrz said:

Brings up a question, for those who have done it, just how difficult is it to switch providers?  Curious
 

It all depends on the hosting control panels being used. cPanel to cPanel transfers are 99% flawless.

cPanel to Plesk, some issues, but easily fixed. I could go on forever with comparisons; however, the easiest way is to do a FULL backup of your site (Databases, Files, etc.), download it to your home computer, then upload it to the new host.

Merv
4 hours ago, Ken Roy said:

I found a TLS and SSL article on the TNG Wiki that was started by Olaf Tiege 3 years ago.  I have added it to the Security category on the wiki. 

Some of the issues identified have been fixed in TNG versions since that time.

Those of you who have recently converted to using SSL should update the article as appropriate.

Thanks.

Thanks Ken, it's my first attempt at editing the Wiki but I have put my 2 cents in there. Feel free to make any re-edits.

tngrlkrz
On 9/14/2016 at 11:17 AM, Ken Roy said:

I found a TLS and SSL article on the TNG Wiki that was started by Olaf Tiege 3 years ago.  I have added it to the Security category on the wiki. 

Some of the issues identified have been fixed in TNG versions since that time.

Those of you who have recently converted to using SSL should update the article as appropriate.

Ken,

Have provided information on ICDSoft's recommendations and policy for SSL implementation, as well as example .htaccess redirection entries which work with Simply Hosting and ICDSoft.

Ron

TNG 11.0.2b   http://www.kmtrees.com wampserver 2.5,legacy 7.5,  family historian 6.2.2, win 10 pro

Newfloridian

I wonder if I have found another issue which may need clarification (and action) in the interaction between TNG and SSL. I installed the certificate and did the http:// to https:// redirection (or rather my ISP did it for me) about 10 days ago. After a few teething troubles my pages now show the green padlock.

The new issue comes from an entirely different source. I have always prided myself, and up to now have achieved, that all my user added pages (of which I have over 450 based on historytemplate.php) are w3c valid for xhtml1. However, I did a validation check on several of my pages this morning and came up with the following warning and error. This has obviously been introduced by the http:// to https:// implementation - but how and where should I go about correcting it?

Cheers Alan

 

  1. Warning Mismatch between Public and System identifiers in the DOCTYPE declaration

    This document uses an inconsistent DOCTYPE declaration. The Public Identifier -//W3C//DTD XHTML 1.0 Transitional//EN declares the XHTML 1.0 Transitional document type, but the associated System Identifier https://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd does not match this document type.

    The recommended System Identifier for XHTML 1.0 Transitional is http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd.

    The safest way to use a correct DOCTYPE declaration is to copy and paste one from the recommended list and avoid editing that part of your markup by hand.


Validation Output: 2 Errors

  1. Error Line 4, Column 43: value of fixed attribute "xmlns" not equal to default
    <html xmlns="https://www.w3.org/1999/xhtml">

  2. Error Line 4, Column 1: Wrong xmlns attribute for element html. The value should be: http://www.w3.org/1999/xhtml
    <html xmlns="https://www.w3.org/1999/xhtml">

Newfloridian

Having had a cursory look around, it appears this warning is emanating from the coding in the function tng_header section of genlib.php in these lines:

    header("Content-type:text/html;charset=" . $session_charset);
    echo $tngconfig['doctype'] ? $tngconfig['doctype'] . "\n\n" : "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \n\"{$http}://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n\n";
    if( !$cms['support'] )
        echo "<html xmlns=\"{$http}://www.w3.org/1999/xhtml\">\n<head>\n";

I think I found the setting for the http variable in globallib.php:

    $http = ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off' )) ? 'https' : 'http';

The question now is: can this function be converted to deliver http to the attribute rather than the https? And if so, are there any potential ramifications?

Alan

 

 

Ken Roy
1 hour ago, Newfloridian said:

    if( !$cms['support'] )
        echo "<html xmlns=\"http://www.w3.org/1999/xhtml\">\n<head>\n";

 

Alan,

I think you would have to change the above echo to use if the validator cannot handle both http and https, and then double check that Firefox or other browsers do not interpret this as mixed content.

bhemph

Alan,
     It looks like those 2 locations that you identified should be hard coded as http instead of dynamic to possibly have https.  Since they are only the definitions defined in the RFC and not sending any actual content, they shouldn't be identified as mixed content.  Change those 2 locations to be hard coded http and double check to confirm.  Reading the document at http://www.w3.org/1999/xhtml section 3.1 does have http hard coded in the definitions, even though that particular site flips you over to https automatically.  After confirming that those spots are to be hard coded and don't cause mixed content errors, you can let Darrin know.

Brent

Newfloridian

I have edited the two lines in genlib.php thus:

    echo $tngconfig['doctype'] ? $tngconfig['doctype'] . "\n\n" : "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \n\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n\n";
    if( !$cms['support'] )
        echo "<html xmlns=\"http://www.w3.org/1999/xhtml\">\n<head>\n";

and can confirm:

1. My user added pages now all validate correctly for xhtml with the w3c validator

2. Firefox and Chrome present green padlocks and do not display any mixed content errors

I'll relay these findings back to Darrin.

Cheers Alan
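
The distinction drawn in the posts above, between W3C identifiers (compared as strings, never fetched) and subresources the browser actually loads, as an added example that is not part of the original posts or of TNG's code: a Python check that reports a rewritten DOCTYPE or xmlns identifier separately from genuine mixed content. The sample pages and the example.org URLs are constructed.

```python
import re
from html.parser import HTMLParser

# Identifiers fixed by XHTML 1.0: validators compare them as strings,
# browsers never fetch them, so they must stay "http" on an HTTPS site.
XHTML_NS = "http://www.w3.org/1999/xhtml"
XHTML_DTD = "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"
# Attributes whose URL the browser does fetch while rendering the page.
FETCHED = {"img": "src", "script": "src", "iframe": "src", "link": "href"}

class HeaderAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # list of (kind, value) tuples

    def handle_decl(self, decl):
        # decl is the DOCTYPE text without "<!" and ">"; grab the system identifier
        m = re.search(r'"(https?://[^"]+\.dtd)"', decl)
        if m and m.group(1) != XHTML_DTD:
            self.findings.append(("bad-identifier", m.group(1)))

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "html" and attrs.get("xmlns", XHTML_NS) != XHTML_NS:
            self.findings.append(("bad-identifier", attrs["xmlns"]))
        key = FETCHED.get(tag)
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or ""):
            key = None  # canonical/alternate links are not loaded as content
        url = (attrs.get(key) or "") if key else ""
        if url.lower().startswith("http://"):
            self.findings.append(("mixed-content", url))

def audit(html):
    """Return findings for a page that is served over HTTPS."""
    parser = HeaderAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample: header with the scheme variable applied to the identifiers.
BEFORE = '''<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"https://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="https://www.w3.org/1999/xhtml"><head>
<link rel="stylesheet" href="https://example.org/css/site.css" />
</head><body><img src="http://example.org/img/logo.png" alt="" />
<a href="http://example.org/old">old link</a></body></html>'''
# Same page with identifiers hard-coded to http and the image moved to https.
AFTER = BEFORE.replace("https://www.w3.org", "http://www.w3.org").replace(
    'src="http://', 'src="https://')

if __name__ == "__main__":
    for name, page in (("before", BEFORE), ("after", AFTER)):
        print(name, audit(page))
```

The plain `<a href="http://...">` link is deliberately not reported: navigation links, like the namespace and DTD identifiers, are not loaded as part of the page.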

 

 

 

Newfloridian

I've now heard back from Darrin. Apparently these changes have been incorporated into TNG11, so this thread applies to versions of TNG10. (I'm still using TNG10.1.3)

Alan

 

Joe Smythe

Has the information on this thread changed since last active?  I am interested in the TNG Web Hosting service since it implies familiarity with our avocation.  I recently had a Comodo cert installed and today I found it not working.  I use arvixe.com and have been with them many years.  I was on a long chat with them to install the cert.  I have a technical background so am familiar with the mechanics.  I just want my TNG up and running with Plesk or cPanel and SSL (did I read that SSL was free?).

Joe Smythe

Wow, the TNG - Specific hosting on Simply Hosting is exactly what I'm looking for.  Thanks a million!

Cheers,

Joe
