SSL Certificate security error

[xinghu]

Hi

Sorry if this isn't the right place to post this..

I recently purchased a SSL certificate for my website. It has been installed. However, everytime you go to a https: page e.g. like the login pages or shopping cart, an error appears claiming that some parts of the webpage may not be included in the secure pages. This error message pops up on every page. I have temporarily disabled the SSL certificate in my config.php file as I think this would scare customers.

I have also noticed that if you go to Page Info in Firefox and see the security, it says that a SSL Certificate is installed, but not verified. Perhaps the two problems are linked?

I have had a programmer look at the coding of my site and he says everything is fine and doesn't know why this error is occurring.

I know this is a somewhat technical issue, so I hope there is someone who has had a similar experience who may be able to advise me what needs to be done.

I would be grateful to hear from anyone if they have any suggestions on how to correct this problem since I don't know if it is a conflict with the coding of the site or if the SSL Certificate has not been installed correctly or if it is something else.

Thank you for your help with this.

Kind regards,
Andrew

 

[Cohesive Computing]

Do you get this error for all browsers?

It's quite possible the page(s) are referencing resources not secured using the https protocol.

Inspect the page source for images, css, javascript etc that begin with http, instead of https.

If you can't locate anything in the page source, you may need to inspect the actual javascript and css files to ensure no references are being made to http only resources.

 

[xinghu]

I have only tried viewing the site on IE and FF. FF does show the error message on the first secure page, but then doesn't. IE however, shows the error message on every single https: page.

I went back to the hosting company who installed the SSL and explained the problem. They claim that it is because the links on the site are all set to http, hence the error. However, I have changed all the links from http to https as they requested, and I still continued to receive that message.

When you said inspect the javascript and css files, is that what you meant by checking if all the links are https?

Incidentally, when I did change all the links to https, I went on the site with IE and as soon as I typed in www.domainname.co.uk the url automatically went to https:// and when I attempted to view certain pages like my product pages, nothing would appear.

I am somewhat disappointed after purchasing this SSL. All I wanted to be able to do is have a secure page for my customers to login and have my shopping cart secure and link it to PayPal Website Pro Direct Payments.

Unfortunately, I only know basic html coding.

Thanks,
Andrew

 

[Cohesive Computing]

The first thing to try is view the page source (View->Source from menu in IE) and using notepad (or whatever) search for 'http:' (without the ''). Start with the smallest/simplest page of your website.

If you find such occurrances, changing to https: in the actual web page should be the easiest way to stop the security warnings. If there aren't any occurances in the Html, you'll need to search for 'http:' in css and javascript files that are used by your web pages.

If after making the changes parts of the page don't display, it usually means that the some or all of the resources aren't available using https, possibly because they're hosted by a 3rd party.

 

[REBOOTTHAT]

Hi xinghu,

You should be able to fix this issue by not using the full URL.

So on the page if you have a webpage with an image:

<img src="*******.com/images/picture.jpg" alt="Picture" width="403" height="341">

You would be better using:

<img src="/images/picture.jpg" alt="Picture" width="403" height="341">

"SSL Certificate is installed, but not verified"
Maybe a root certificate issue that needs updating. Check this:
Google "microsoft 931125" (can't insert links yet. arrghh!)

Hope that works.

 

[electroforms]

What's happening here is that your https page is referencing resources which are not being served using http; most likely this is due to either:

1) As noted above, you have absolute URLs to images/javascript/css with the prefix http - fix this by making all links relative
2) Your certificate is only under a part of the site (such as a secure or ecommerce folder) and the page references resources on another part of the site. You can fix this by putting the server certificate under the root of the site, or making sure that any resources are "below" your secure folder (and referenced accordingly).

Hope this helps!

 

[xinghu]

Thank you for your help. If the SSL Certificate is in a folder, would I just be able to move it to the root directory or isn't it as easy as that?

 

[xinghu]

Hi

I was wondering if I needed to change the image links from scr="http://mysite.co.uk/images/test.jpg" to scr="/images/test.jpg" throughout the website or just on secure pages?

Thank you
Andrew

 

[REBOOTTHAT]

Hi xinghu,

Just the secure pages, though it is good practise to do thoughout your website.