I got a link-sharing website hosted on linux, which allows users to share links. I purchased a digital certificate SSL 123 to host it in a secure https mode. But the problem is it won't reflect in the address bar as a normal https connection, it displays https with an error:
Your connection is encrypted with 128bit encryption...However, this page includes other resources which are not secure.
I enquired with my hosting company, but they say that because of my website, which allows people to share links, The 'THWATE' company can't verify the other links which have been shared in my website, that is why, it is displaying an error. I am confused as to whether continue with SSL or just host it normally, as I don't want my users to feel insecure about their info.
No the links are not checked but everything you embed in the page is. For example images, scripts that are linked using HTTP. The browser will need to download the linked scripts, images, ... and complains that these were retrieved using http.
This is no problem:
Some link
but these are (EDITED):
<img src="http://example.org/picture.png"/>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
Download the scripts using HTTPS
Try to use secure scripts for including the scripts of sharethis.com
Use this script source : https://ws.sharethis.com/button/buttons.js
http://support.sharethis.com/customer/portal/articles/475097-ssl-support
Related
URL in question: https://newyorkliquorgiftshop.com/admin/
When you open the above page, you can see in the console that there are lots of error messages saying "...was loaded over HTTPS, but requested an insecure stylesheet.."
This website was working well until all of a sudden this problem shows up. I am not very familiar with https, but I have contacted with Godaddy and the SSL certificate is valid, and there is no obvious problem with "https://newyorkliquorgiftshop.com". And I am stuck here, I've some experiences with HTTPS website before, if the URL of website's homepage is "https", then every resources it loads is via "https" too. I don't know why my website behave differently and I don't know where to start to solve the problem? Any hint is appreciated especially articles about HTTPS that is related to my problem.(I have done a brief research regarding HTTPS but most of the articles I found are about the basic concepts.)
If you have access to the code (not sure what you built the website using), try using https instead of http for the URL's you use to load your style sheets and script files.
For example one of the errors is
Mixed Content: The page at 'https://newyorkliquorgiftshop.com/admin/' was loaded over HTTPS, but requested an insecure script 'http://www.newyorkliquorgiftshop.com/admin/view/javascript/common.js'. This request has been blocked; the content must be served over HTTPS.
You are requesting the .js file using HTTP, try using HTTPS like so:
https://www.newyorkliquorgiftshop.com/admin/view/javascript/common.js
I'm trying to secure my website with https. I managed to add the certificates and all that stuff but in some parts of the website i get this message "this website contains interactive content that isn't encrypted (such as scripts)". Any ideas on how to fixed this?
The website runs on localhost.
I am using Apache on OS X Mavericks
You have resources on your website (javascript for example) that isn't sent through a HTTPS request, but rather a regular HTTP request.
Try storing the resources on your own website instead of requesting them from a different one.
yes. When you use https ALL pictures, SSC, and JS files should be loaded from your machine
I have been searching the internet for two days and I am stuck. I understand that I can purchase an SSL certificate to make my site work for HTTPS so that it is more secure and all that jazz.
My question is do I have to do anything special on the HTML/PHP pages I create for this site, like some PHP call to open a session, or does the fact that there is an SSL Cert on the server mean I don't have to change anything on the HTML pages?
Sorry if this is a dumb question, but I can't find the answer anywhere.
Its primary the setup of the server, e.g. that you have to make the site accessible by SSL (port etc) and configure the certificates.
But maybe you need to make adjustments to your HTML etc too, so that all resources (images, script, css..) will be loaded by SSL too, e.g. all these includes should be either be done with site-relative links or with explicite https:// links. In case the site gets served with both https and http you might also use protocol-relative links, e.g. //www.example.com/index.html will be served with http if the current protocol is http and with https if you currently use https.
We have a site which is running under SSL. But we have to show images and videos from some non secured sites. At present we are not able to show these images and videos. These non secured sites are running on the same server on which this secured site is running. Can any one please let us know how to solve this issue.
Regards
Tarunjit Singh
If the non-secure sites are on the same server as the secure then just setup new aliases pointing to that content in the SSL Vhost and modify your references to point to the new SSL versions.
If you want to use SSL on site B with a reference to a non-SSL item on Site A you can't. You'll need to do the above or enable SSL on site A and update your references to that.
I'm working on a web application that uses the google earth plugin. Recently, a new requirement to have non-public users logon was added, which meant that some users were now using the site over https. Among the things that broke in testing were the custom placemark icons (They were working using http).
The icons are hosted on the same server which servers the page.
Here are the urls for each of the protocols.
http - http://localhost/Images/yellow.png
https - https://localhost/Images/yellow.png
I can follow that link and the image will appear as you would expect.
The images hrefs are declared as icon styles in dynamically generated kml.
I want to avoid loading the images over http because I think that will cause internet explorer to present the user with a mixed content warning.
How do I get the images to load properly while using https?
I have been wrestling with this myself -- the short answer is that this won't work. If the content is served off of an HTTPS site that generates any kind of error/prompt (authentication, invalid certificate, etc.) the plugin will simply not load the content.
Interestingly, the desktop client works fine and prompts the user for credentials if necessary. However, neither client will allow content to be served off of site with an untrusted certificate.
The only workaround that I have found is:
Use a trusted HTTPS certificate on the server hosting the content (either trust the certificate on the client systems or just use a real certificate.)
Do not use HTTPS basic auth as that will always generate 401/Challenge responses which the web browser client will simply ignore
If authentication is a requirement, use NTLM authentication and common (e.g., domain) logins. If you load the plugin in Interent Explorer (or in a .NET WebBrowserControl) the authentication will be handled properly and the images will show up.
I was at a Google Earth administrator's training last week and the trainer confirmed this "bug". It is supposed to be fixed in the next version of the plugin (it may actually be fixed already -- what version of the plugin are you using?)