Privacy Error // portal.ldswebcast.org SSL expired 9/1

[MCardoza]

The wildcard SSL cert used on the webcast portal has expired. Hopefully it gets renewed soon

If you're on chrome, you can click "Advanced" in the bottom left of the scary warning page, followed by clicking "https://portal.ldswebcast.org/#/startevent"

Unknown if this issue will only affect tech admins on the scheduling site or if it will affect meetinghouse playback - we shall find out at a stake conference Sunday :O

[russellhltn]

Ugh. I doubt if this is going to get fixed before sometime Tuesday.

[scgallafent]

I've nudged a couple of people to get this resolved.

[kevinf99]

scgallafent, thank you for 'nudging' people to get this resolved.

This is more than just a bothersome issue. It is a significant security risk. Many userIDs/passwords (that would be used to set up webcasts) likely have access to systems that allow obtaining information of very confidential information, including home phone numbers and addresses of CEOs of Church owned and outside organizations! Not to mention every ecclesiastical leader throughout the world!!

These userIDs and passwords are not encrypted while SSL/TLS (https...) are not allowed. Yet the tier1 tech support at the Global Help Desk/Global Service Center state that the 'engineers tell us that this is not an issue to be worried about. Go ahead an use the system.'

[eblood66]

These userIDs and passwords are not encrypted while SSL/TLS (https...) are not allowed.

An expired certificate doesn't mean that SSL is not used. With an expired certificate the traffic is still encrypted and is still secure as long as the server's private key has not been exposed.

An expired certificate only means that the certificate authority hasn't rechecked that the certificate is still in possession of the certificate owner of record. With smaller organizations that could be a significant consideration. But with the church there isn't much chance that they have lost control of the domain. And there isn't anybody who recently had the domain that could be using their own expired certificate to pose as the church.

So as long as you make sure the certificate you are overriding is really for the right server, then traffic is still secure.

But they really should fix it soon. It's never good to train people to click past security warnings. If they get used to it, they're more likely to missing a real security risk whether on a church server or someone else's.

[rannthal]

This has been fixed as of 9/8/17

[KB5BS]

OK, I understand what is being said, but apparently all the computers in our Family History Library are getting this TLS error. I am not there right now, but if I go there how do I correct the issue or can it be done remotely?