HTTPS Support Needed

RootsMagic needs to support HTTPS and MyRootsMagic needs to create HTTPS online trees.

Ever since Google announced on February 6, 2020, they would be starting to end their support of HTTP pages in the Chrome browser, they have made it harder and harder to access HTTP web pages.

When I use MyRootsMagic to create a website, everything works fine. However, when I click on the gear icon I get the message “The page you were looking for doesn’t exist. You may have mistyped the address or the page may have moved.”

As of February 2023, Google’s Chrome is the leading internet browser in the world with a global market share of 65.74%.

It is time RootsMagic fully supports Google Chrome browsers.

I use Google Chrome all the time. You can remove the requirement for all sites to use https.

How do you remove the requirement for all sites to use https on a PC?

Chrome settings, Privacy and security, Security, under Advanced make sure “Always use secure connections” is disabled

This website explains how it works.

Encouraging users to lower their general protection to facilitate access to a RM Inc service exposes them to greater risk of data theft, privacy breach and malware. Shouldn’t RM be promoting safe use of the Internet?

The “Always use HTTPS” setting does not block access to a HTTP site having no SSL certificate to serve HTTPS; it interposes a warning to the user that there is a potential risk. I should think that RM Inc would advocate to users the enabling of that setting.

For more on browser security, see this page and #4 under the heading “Tweaks…”:

3 Likes

This does not work for me on Chrome Version 112 on a PC. The article states, “If you decide to turn the toggle on, Chrome will automatically “upgrade” any website you try to browse from the HTTP version to HTTPS, if available.”

I think the problem is “if available.” RootsMagic only creates HPPT websites so an HTTPS version is not available.

Are you using a PC and does the gear icon on MyRootsMagic take you to the website?

Rootsmagic does nothing of the sort. Rootsmagic generates the code for a website and it couldn’t give two shakes about HTTP or HTTPS. What needs to happen is that Bruce needs to purchase an SSL certificate for MyRootsmagic.com and use it. Why he hasn’t done this is anyone’s guess. Maybe the site that he pays for hosting doesn’t allow this, maybe it has been deemed too expensive, who knows.

1 Like

Short explanation:

Something needed to permit HTTPS on the MyRootsMagic websites (sites.myrootsmagic) isn't validated at the moment.

Long explanation:

Kevin provided screen captures of the TLS certificates for the main RootsMagic site and the MyRootsMagic site. TLS certificates are part of what's needed to enable HTTPS to function.

Both certs have not expired …

  • The main RootsMagic site cert is valid
  • The sites.rootsmagic cert, for where the MyRootsMagic websites are accessed hasn’t been validated so far.

It’s important to realize that just getting the certificate validated is not the only thing that would be needed. And it may be inactive for reasons that we don’t have visibility into.

RE your own website

@kfunk 's option of your own website has some merit. @thejerrybryan , for example, runs a website and could share his insights. But, there are some caveats too. For example, you would be the one who has to administrate the site, troubleshooting at least some of the problems or work with tech support on others. Also, your site would not be integrated to RootsMagic, so you couldn't just use the 'Publish' function that you use right now. (There is a Publish ► HTML Website function you can use to help you.)

I’ve just discovered that https://sites.rootsmagic.com/users/sign_in works but a MyRootsmagic user’s pages cannot be accessed through https. At least, it appears that the login is encrypted so that’s a good thing.

It may be that RM Inc has restricted SSL to the login page only because it would be too complex to apply it to the user pages and restrict page modifications to just the originating user. I’m just guessing here…

If I recall correctly, and it has been some time since I installed a cert, but one must include the subdomains to be covered. I think on my hosting provider, only the main domain was covered if I didn’t specify the specific subdomains. However, the fact that @TomH experiment with the signin page worked, that make me pause.

I have had a number of sites over the years, many of which only get a couple of hundred visits per year and outside of uploading the update files, I have never really had to do much of anything in regards to troubleshooting and maintenance. The only exception to that was a problem with a PHP script that needed access to some PHP function that the shared hosting provider did not allow. In the case of uploading RM generated files, that likely is not going to be an issue for you.

Seems intentional for security purposes. Otherwise, these are merely a clustered bunch of static, read-only, user presentation sites …served up, for viewing only ,that are much faster w/o significant certificate processing, extra browser checking, security protocol machinations.

1 Like