Drupalcon Security Followup: Automatically use SSL logins on drupal.org
Step 1: Install the root CACert certificate
CACert provides free SSL certificates. Though they are very close to being included in Firefox, their certificate is not currently included by any mainstream browsers. In order to get your web browser to properly validate the certificate, you need to install the root CACert certificate. Go to the CACert certificate page and download the certificate. Firefox will ask to add the certificate, while Safari will download the file which can be opened with Keychain Access to make it available to the whole system.
Here is a direct link to the CACert root certificate.
- If you're using Firefox, install GreaseMonkey.
- If you're using Safari, install GreaseKit.
- For Opera, it's built-in.
- For IE, as far as I know you can't do it. Switch to one of the above browsers.
Step 3: Download the user script
Download the user script and install it. Both GreaseMonkey and GreaseKit should ask to install it automatically. By default, it will enable itself for drupal.org and groups.drupal.org.
Step 4: Log in!
Note that groups.drupal.org uses the same certificate as drupal.org, so it will require accepting the certificate manually when you log in. Note that after logging in, you will be redirected back to the unencrypted version of the page.
Feel free to post any suggestions or improvements in the comments!