or Create a profile

Home Problems

Tenderapp forces login over http when using aliasing

George's Avatar

George

17 Sep, 2009 11:36 AM

Hi There,

I'm using Tenderapp on our webapp domain support.myversioncontrol.com using the domain aliasing option. I'm aware of the limitations of domain aliasing when used over https and as such, would be willing to accept the expected certificate missmatch exception when changing the protocol to https. What I think is pretty remiss on your part, is that when I change the protocol in my browser to https (so I can log in securely) your app forcibly redirects me back to http, so I have no option other than to log in in a no-secure environment.

Domain aliasing was one of the reasons I recommended myVersionControl move to tenderapp. What's on your roadmap for this, do you intend addressing this serious security issue in the future?

Kind regards and thanks for an otherwise great tool.

George Beaton

  1. 1 Posted by Will on 17 Sep, 2009 11:43 PM

    Will's Avatar

    Hey George,

    Unfortunately we are unable to offer https on custom domains without some special configuration options. We hope to be able to offer this in the future of course. Right now, https only works with accountname.tenderapp.com based domains though.

  2. Support Staff 2 Posted by Courtenay on 18 Sep, 2009 02:00 AM

    Courtenay's Avatar

    It's due to the way SSL certificates are handled by IE - you can't
    have more than one SSL cert per IP address. A workaround is to run a
    proxy or some sort on your own server. (proxypass/reverse)

  3. 3 Posted by George on 18 Sep, 2009 08:16 AM

    George's Avatar

    I agree with what you are saying, but I don't see why you need to force a redirect to http when a user explicitly requests https and accepts the certificate missmatch warning.

  4. Support Staff 4 Posted by Courtenay on 18 Sep, 2009 05:36 PM

    Courtenay's Avatar

    Hey George,

    Sorry, I misunderstood your issue.

    I checked our code to be sure -- SSL is only available on Plus and
    Premium plans, but your site's still on "trial" so it won't allow it
    (hence the redirect to plain http).

  5. Nicole closed this discussion on 04 Dec, 2009 08:50 PM.

Discussions are closed to public comments.
If you need help with Tender please start a new discussion.

  • New Issue

  • Conversation Started

  • The discussion is closed

    No more actions from Tender or the discussion starter are required.

  • Re-open the discussion

Private Permissions

This discussion is private. Only you and Tender support staff can see and reply to it.

Public Permissions

This discussion is public. Everyone can see and reply to it.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac

Recent Discussions

03 Feb, 2026 08:31 AM rikvipppro
27 Jan, 2026 03:26 PM Users unable to search discussions in public forum when logged in
27 Jan, 2026 03:25 PM Users unable to search discussions in public forum when logged in
15 Jan, 2026 11:27 AM Search is Broken
14 Jan, 2026 07:54 PM What is Bottlenecking My PC

Recent Articles

Authentication
How do I cancel my account?
Using queues to organize your support
Cancel my dating profile
Changing Account Owner