Forced HTTPS on web site

Alexander Kriegisch kriegaex at freetz.org
Fri Mar 9 14:31:53 UTC 2012


Sorry, it is me again with yet another improvement idea: Currently
mignight-commander.org redirects non-https URLs to https, resulting in a
certificate warning because of your self-signed cert. This is scaring
away users rather than inviting them to access your web site. It does
not make a professional impression for one of Linux's most acclaimed
software packages. I do understand that you want to have an encrypted
connection when editing the wiki or administering the page as a logged
in user, but to force read-only access to be https is a bit too much, I
guess. It also creates more client and server load than necessary. Maybe
it would be a good idea to either use a commercial certificate or, if
that is too expensive, continue using the self-signed one, but only to
log in and after you are logged in. Plus, the registration and login
dialogues should show an explanation of why you use https and a how-to
for installing the cert into the most popular browsers (including a
quote of the cert's fingerprint).

It is about making it easy for users again, like in the other threads.
Me personally, I know how to import a cert, but this knowledge should
not be necessary to access your web site without being annoyed by the
warning all the time (e.g. after a browser restart). You want to make
sure to attract users and help them contribute or at least consume, not
scare them away. :-)
-- 
Alexander Kriegisch (kriegaex)
http://freetz.org



More information about the mc-devel mailing list