You are reading a single comment by @William. and its replies.
I have to admit I don't really understand much of that. So, it is going to cost $20 a year? How many others are there with this problem, I notice one or two in the thread.
I am using either Safari 5.1.0 or the latest Chrome on OSX 10.6.8, so should be supported according to the list. Thanks for your work sorting this out.
I'm going to have to purchase a new wildcard SSL cert and IP address for the cert to solve this.
It's going to cost LFGSS an extra £200 per year for the cert, and an additional £20 per year for the IP address for it.
The root cause is that either the operating system or browser doesn't support SNI.
The background to this is that SSL requires a fully encrypted conversation, which means talking to a server and encrypting the connection before the browser has actually made a HTTP request. The issue here is that the browser resolves microcosm.app and talks to the IP address to encrypt the traffic without yet saying "Oh, and this is for microcosm.app so use that SSL cert for the encryption".
SNI allows a browser to talk to a web server and during the initial part of securing the communication channel it adds "This is for microcosm.app". Which means a web server that also supports SNI can actually run multiple SSL sites on the same IP address.
This is a big deal because the IPv4 address space has been so exhaustively used up that it is now harder to just get an IP address.
To reduce costs after Microcosm failed, I moved LFGSS and Microcosm behind CloudFlare's Universal SSL. This uses SNI, and so it requires that the browsers and operating systems connecting to us support it.
The list of supported browsers and operating systems can be viewed here: https://www.digicert.com/ssl-support/apache-secure-multiple-sites-sni.htm
Desktop Browsers
Mobile Browsers
I had looked at my stats (Google Analytics) and could not see any significant usage of unsupported browsers (though I know that GA is incomplete as you may have adblockers installed that block GA).
But as you clearly are affected, I'll purchase the custom cert and will use that instead... and yes, CloudFlare support custom certs too but it's normally a further $200 per month though as an employee I thankfully get this for free.
So... I'll buy a custom wildcard cert for microcosm.app, will have my CloudFlare account upgraded, and will install it everywhere. This will take a couple of days as the SSL provider don't accept PayPal, so I need to withdraw the LFGSS funds for this to my personal account and pay using a debit card.