It has been pointed out that we don’t use HTTPS for the forum, which is certainly true, because it’s not easy to use it. HTTPS requires using an SSL certificate, for which there are two choices:
-
One could use a self-signed certificate, as CureTogether does, but users will be presented with a scary-looking “certificate is invalid” page (it’s not invalid, it’s just not signed by a big-name authority like Verisign)
-
One could buy a certificate from a big-name authority like Verisign, but they cost from $400/year for the least “secure” version. Thawte sells them at $250/year.
I’ve only started to look into this, and I was wondering if there’s already been some investigation by Alexandra, Daniel or Gary into getting an SSL certificate for QuantifiedSelf.com, or for CureTogether. Some certificates cover sub-domains, so we could have one that would work for the blog, forum and wiki.