SSL Certificate error for both Npool and Nstatus is a security threat

Hi guys,

I recently noticed this issue and it’s very good to address it with the community.

The community should know the risk of what may happen in the future if proper action is not taken.

Attackers are everywhere on the web; thus, we as a community need to address this issue.

An SSL certificate error may lead to a “network eavesdropping attack” because the connection is secure/encrypted, which an attacker may use to steal users’ emails and passwords.

I think now is the best time for their web admins to tackle such an issue before it is too late.

The web admins for both @Npool and @Nstatus should install a new valid SSL certificate on their platform to mitigate such a catastrophe.

Best regards and thank you all 🙂

I think they just didn’t set up an HTTP-to-HTTPS redirect. You can manually add https in the URL, but it’s better to set the redirect for sure. @Mutsi

Mutsi just pointed out that it’s not a good idea to use HTTPS on nstatus. Due to browser restrictions, if you visit nstatus using HTTPS, you cannot send an HTTP request to node port 30003.

On nStatus I can completely understand the reason why @Mutsi didn’t use it: When you query a node on nStatus that gets done from your browser. When you’re on an HTTPS connection and do an HTTP request (which getting an update from a node is) you inevitably run into CORS problems which will result in bad UX. So that is not really solvable.

For nPool I can’t understand that either but as @yilun said: They seemed to forget the redirection. But I agree - this is normally something you cover when deploying your websites professionally.
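
The browser restriction discussed in the posts above, as an added example that is not part of the original thread: a simplified model of the mixed-content rule browsers apply to script-initiated requests (fetch/XHR) from an HTTPS page. The host names and addresses are constructed placeholders, and the loopback exemption is modelled only for the common cases.

```javascript
// Added example: simplified model of the browser's mixed-content check for
// fetch()/XHR. Host names below are constructed placeholders; 30003 is the
// node port mentioned in the thread.
const SECURE_SCHEMES = new Set(["https:", "wss:"]);

// Loopback hosts are treated as trustworthy even over plain HTTP.
function isLoopback(hostname) {
  const h = hostname.replace(/^\[|\]$/g, ""); // URL.hostname keeps IPv6 brackets
  return h === "localhost" || h.endsWith(".localhost") ||
         h === "::1" || /^127(\.\d{1,3}){3}$/.test(h);
}

// Returns what a browser would do with a script-initiated request from pageUrl:
//   blocked   - refused as mixed content before it leaves the browser
//   encrypted - whether the request itself would travel over TLS
function checkRequest(pageUrl, requestUrl) {
  const page = new URL(pageUrl);
  const req = new URL(requestUrl, page); // also resolves relative URLs
  const encrypted = SECURE_SCHEMES.has(req.protocol);
  const securePage = page.protocol === "https:";
  const blocked = securePage && !encrypted && !isLoopback(req.hostname);
  return { blocked, encrypted };
}

// Constructed sample cases: [page, request]
const cases = [
  ["https://nstatus.example/", "http://203.0.113.10:30003/"],  // HTTPS page, HTTP node
  ["http://nstatus.example/",  "http://203.0.113.10:30003/"],  // HTTP page, HTTP node
  ["https://nstatus.example/", "https://node.example:30003/"], // HTTPS page, TLS node
  ["https://nstatus.example/", "http://127.0.0.1:30003/"],     // HTTPS page, local node
];
for (const [page, request] of cases) {
  const { blocked, encrypted } = checkRequest(page, request);
  console.log(`${page} -> ${request}: blocked=${blocked} encrypted=${encrypted}`);
}
```

The second case shows the trade-off the thread describes: serving the page over HTTP avoids the block, but the request to the node is still unencrypted.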

Ok, understood 🙂

I also don’t get that, but as @yilun noted, they appeared to have overlooked the redirect. But I do agree that when deploying your websites properly, this is typically something you address.