The SSL certificate the server uses for https looks... weird. Don't think it was meant for anything other than the Plesk panel. Not only is it not issued for this domain, it doesn't have any at all. Would it be possible to replace it with a proper one? Now, I know that most "serious" ones cost serious money. If that's an issue - how about a free one from cacert.org instead? Sure, it's not perfect - their CA cert only comes bundled with some browsers/OSs so far - but one can easily install that if required and imho it's still worlds better than that Parallels one. (Unlikely to be relevant, but for completeness' sake: I'm using Chromium 46.0.2490.86 on Linux 4.3.0, built for x86_64, w/ the Debian Project's ca-certificates-20140927.3.17.2.)
Startcom is nice for a free cert as well. I've used it for years. Only downside is that they only last a year. https://www.startcom.org/
I trust a self generated cert created by ASSEMbler a lot more than any "cert authority" just to please the browser racket regarding https (SSL/TLS). IMHO; the browser warnings are of no concern unless you are dealing with a bank or similar.
Agreed on the "browser racket" comment regarding certs, but your "bank" comment is just wrong. There are plenty of reasons that you want working certs outside of banking.
The current one looks like it's been generated by Parallels, not you. I have no reason to trust them. No iea where else that cert might turn up and what sites might be deemed "secure" if one manually greenlights it... (It might have been generated locally during installation, but I have no way to check that. A cert doesn't contain a domain, I ain't touching it.) That's all I wanted to hear, thank you. What did they smoke, and where can I get some? Best of luck with that, but I don't see it happening any time soon. Web pages are pretty much the definition of legacy tech. (I couldn't find anything about Google intending to do this, but Mozilla's blog has a post about something similar. They intend to enable some new features only for properly encrypted sites. At least they won't throw a tantrum when encountering plaintext ones...)
My SHA-256 fingerprint for the current Parrallel's certificate at https://assemblergames.com is: 43:2B:24:1B:E7:F6:93:1D:3E:21:60:A2:C9:37:1E:03:86:3E:0B:73:F8:0B:87:7B:79:55:B6:F8:9B:EF:B7:C6 ASSEMbler, All you need to do is to confirm if this indeed is the correct SHA-256 fingerprint for your site, just post a reply in this forum thread. A forum post with this simple "yes or no" confirmation will mean a lot more to me than having Symantec or Verisign telling me that this really is the assemblergames.com website. I understand the problems about having the most common browsers complaining with warnings and your users need to add "Untrusted" exceptions (which is a browser flaw by design IMO), so this will not fix that, but when it comes to trust about if this certificate really belong to assemblergames.com, then I trust you more than any third party.
As predicted the first version of openssh has painful bugs. I will continue to wait for a bit longer before deploying.
Painful bugs? Hmm, could you elaborate? I'm using it for a couple websites myself and didn't notice anything bad with it, but I'm a bit concerned now.
+1 interest. I already knew they chose a rather shitty concept for a client implementation (which one can work around, e.g. by using this site to get the cert instead), but this is the first I hear about bugs.