SSL on Jumblecat… Update!

When I posted a few weeks ago about installing SSL on JumbleCat I had a pretty easy time of it.

However, after working a bit with an Android device I noticed I couldn’t get access to JumbleCat; Chrome came up with an error:

NET: ERR_CERT_AUTHORITY_INVALID

I took a look around the net and it turns out that this error is caused by an incomplete SSL chain.  This turns out to be on the server side and after a quick e-mail to the BraveNet support folks I had a fix.  When you install the certificate on the BraveNet hosting control panel, you have to include both the StartSSL certificate you generated for your site, as well as the intermediary certificate for StartSSL (which can be found here).

You do this by pasting the intermediary certificate to the end of the site certificate file and uploading both to BraveNet at the same time.

Once done, Chrome on Android works fine.
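The incomplete chain and the fix described above can be reproduced offline with a throwaway three-level PKI. This is an added example, not part of the original post; the CA names, www.example.test and all file names are constructed, and it assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example: every name, key and certificate here is a throwaway value
# constructed for the demonstration.
set -eu

make_demo_pki() {  # $1 = empty working directory
  d=$1; cnf=$d/pki.cnf
  printf '%s\n' '[req]' 'distinguished_name = dn' 'prompt = no' \
    '[dn]' 'CN = unused' \
    '[ca_ext]' 'basicConstraints = critical,CA:TRUE' \
    '[leaf_ext]' 'basicConstraints = CA:FALSE' > "$cnf"
  # Root CA: the only certificate the client already trusts.
  openssl req -config "$cnf" -x509 -extensions ca_ext -newkey rsa:2048 -nodes \
    -days 2 -subj '/CN=Demo Root CA' -keyout "$d/root.key" -out "$d/root.crt"
  # Intermediate CA, signed by the root.
  openssl req -config "$cnf" -new -newkey rsa:2048 -nodes \
    -subj '/CN=Demo Intermediate CA' -keyout "$d/int.key" -out "$d/int.csr"
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
    -set_serial 1 -days 2 -extfile "$cnf" -extensions ca_ext \
    -out "$d/intermediate.crt"
  # Site certificate, signed by the intermediate (not by the root).
  openssl req -config "$cnf" -new -newkey rsa:2048 -nodes \
    -subj '/CN=www.example.test' -keyout "$d/site.key" -out "$d/site.csr"
  openssl x509 -req -in "$d/site.csr" -CA "$d/intermediate.crt" \
    -CAkey "$d/int.key" -set_serial 2 -days 2 -extfile "$cnf" \
    -extensions leaf_ext -out "$d/site.crt"
  # The fix from the post: intermediate pasted after the site certificate.
  cat "$d/site.crt" "$d/intermediate.crt" > "$d/bundle.crt"
}

# True only if a client trusting just $1 can build a path from the first
# certificate in $2 to that root using the other certificates in $2.
chain_ok() {
  openssl verify -CAfile "$1" -untrusted "$2" "$2" >/dev/null 2>&1
}

# Print subject and issuer of every certificate in a PEM file.
list_chain() {
  openssl crl2pkcs7 -nocrl -certfile "$1" | openssl pkcs7 -print_certs -noout
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_demo_pki "$work" >/dev/null 2>&1
for f in site.crt bundle.crt; do
  if chain_ok "$work/root.crt" "$work/$f"; then echo "$f: chain verifies"
  else echo "$f: incomplete chain, no path to a trusted root"; fi
done
list_chain "$work/bundle.crt"
```

Against a live site, `openssl s_client -connect host:443 -showcerts` prints the certificates the server actually sends, which is the quickest way to confirm the intermediate is being served.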

SSL on Jumblecat

So a few weeks ago I mentioned in my hosting post that Bravenet didn’t support SSL; however, apparently they do, it’s just a little bit buried.

So I decided to move JumbleCat over to https to give it a try.  First of course was getting an SSL certificate.

Traditionally SSL certificates are expensive and hard to get, primarily due to a decision made when the SSL standard was being made to combine identity and encryption into the certificate.  There is a trend starting, though, to separate the two to some degree, and providers like GoDaddy and StartSSL provide SSL certificates with just an e-mail confirmation.

I’ve used GoDaddy before and they provide a good service; however, there is still a cost associated with the cert and I decided to give StartSSL a try.  When I first tried to sign up I received a message that they were too busy to process my request, but I tried again a few minutes later and got in all right.

The sign-up process was straightforward; however, once complete the site takes you back to the main screen without telling you a message has been sent to your e-mail with the next steps.

That e-mail takes a little while to get to you, but once it does it has the steps to install your e-mail certificate that they use to authenticate you in their dashboard.  If you try to connect to the dashboard before installing the cert you get a strange error message that isn’t very obvious.

Once I had the cert installed, though, everything was smooth and getting a certificate for JumbleCat was straightforward.

Installing the certificate on Bravenet was easy enough as well, there’s no configuration required once you have set the private key and certificate information.

The next step was to configure WordPress to use https and this is where the first real problem came up.

The first step is to go to the admin dashboard in WordPress and then change the WordPress and Site URLs to use https.  This broke pretty badly and didn’t let me log in to JumbleCat again.  After hunting around a bit I found that Bravenet uses a reverse proxy between the internet and the actual webhosts, which meant I had to add the following lines to wp-config.php:

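// Behind the reverse proxy, the original scheme arrives in X-Forwarded-Proto.
if ( isset( $_SERVER['HTTP_X_FORWARDED_PROTO'] ) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https' )
    $_SERVER['HTTPS'] = 'on';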

I also added the following to force the admin pages and login page to use https:

define( 'FORCE_SSL_LOGIN', true );
define( 'FORCE_SSL_ADMIN', true );

After that things went smoothly and the site came back up.

I also installed “WordPress Force HTTPS” in WordPress to force everything over to https.

There are a few things that need to be updated after https is working:

  • If you have an avatar image you’ll need to reselect it to use https.
  • Links in your posts which use http will need to be converted to https.

The second issue is the biggest by far.  A blog like JumbleCat currently has hundreds of posts and updating them by hand.  Instead I used “Velvet Blues Update URLs” which automatically updated all the links for me.

I’m sure I’ll find a few more small things over the next few weeks, but for now everything seems to be working well.

Bleep 1.0 for Windows

I’ve written about Bleep before, but now that version 1.0 is finally out I grabbed a copy to try out.

The first big problem is lack of Windows Phone support, they claim to have “Native app for all platforms” but that’s kind of a misdirect.

The Windows client is very simple but is missing a few things that would be nice, like being able to minimize to the tray instead of the taskbar.  Or even an option to not automatically start.

The app itself seems fine, though I have to admit the lack of group messaging is a little strange.

Looking at the support forums there seems to be some question on when Bleep is really P2P and when it uses a relay server.

Overall I think it’s still only half done, but I guess getting something out in the open was better than leaving it as a closed beta.

For now, I’m not using it and will likely uninstall it, perhaps version 2.0 will be better.

Kevo

I picked up a Weiser Kevo Bluetooth door lock a while ago when I had to replace my main door lock.  It seemed like a good idea, but after a few months of using it I have to admit it’s not as good as it should be.

The idea of course is to use your phone or a key fob to open your door without having to fiddle with your key chain to find the right one.

Walk up to the door, touch the Kevo ring and it will automatically open for you.

The Kevo is easy to install (it was a drop-in replacement for my old lock) and reasonably easy to set up.

It has several good features, like being able to tell the difference between the key fob being inside or outside the house (not a good idea to let an intruder activate the lock from the outside with the key fob sitting inside but within range).

However, there are a few downsides that really hurt it:

  • Doesn’t support Windows Phone and only a few Android devices (mostly due to the Bluetooth low power mode requirement).
  • The key fob is big and ugly.  The insides of the fob are tiny but Weiser has decided to encase it in a big, cheap plastic housing.
  • The key fob seems to eat batteries and isn’t rechargeable.
  • At best I’m getting 50% activation with the lock sometimes just doing nothing for a long time.
  • Even when it does activate, it takes a long time to recognize the fob and unlock.
  • When the fob isn’t recognized, you have to pull it out of your pocket and hold it close to the door, defeating the purpose of the whole thing.
  • The powered lock mechanism seems a little underpowered, sometimes it stops half way through a cycle.
  • It’s too easy to accidentally touch the Kevo on the outside of the door if you have a tendency to grab the door by the edge and start a lock/unlock cycle.

I have to say I still like the idea of a Bluetooth enabled door lock, but the Kevo isn’t worth the cost and hassle.  Perhaps the second generation Kevo will be better but for now I couldn’t recommend it.

Hosting Providers

Jumblecat is currently hosted on Bravenet, which I’ve been quite happy with over the years, however I’ve been thinking about moving.

It’s not that I have a problem on Bravenet, but more that my requirements have outgrown them.  They’re a great host, but they have one major limitation, no SSL support.

As the threats across the Internet have grown, it’s become more apparent that strong encryption is required even on simple little blogs like mine.

For a few of my other projects that require SSL, I’ve been using GoDaddy hosting, which has been pretty good all things considered.  There are a few quirks with GoDaddy, especially if you do any resource intensive, but short lived, processes.

I have a parked domain on Bravenet that I think I’ll try to move across to GoDaddy and see how it goes, then I can try moving Jumblecat across once all the gotchas are worked out (and you know there will be some 😉).