We have migrated the website from http to https. Also we have installed ssl certification for the website. The website is dolphin 7.1
The problem is when we load the website the pages are loading using https but the lock symbol is not coming.
When I load the site in firefox It shows "This website does not supply identity information. Your connection to this website is only partially encrypted, and does not prevent eavesdropping."
When I load the site in chrome browser it shows lock symbol for some webpages but not for all.
The issue is the site refer the insecured content such as the content are from http websites.
Please help me and tell me the solution for this issue.
Thanks in advance.
Related
my website is being used by a third party iframe, the page has a single form
the link for the iframe is as follows
https://MYWEBSITE.com:8443/en?token=eyJhbGciOiAiSFMyNTawfc%3D&token2=ABC
:8443 is there because I am using multiple sets of certificates, some only with port 8443, others only with port 443.
whenever using mobile IOS, the website first load fine within the iframe, but after I try to submit the form, I get the following error:
Failed to load resource: The certificate for this server is invalid. You might be connecting to a server that is pretending to be “MYWEBSITE.com”, which could put your confidential information at risk.
I use aws with elastic beanstalk load balancer
Sorry my English, and thank you for your help :)
P.S. it works fine on chrome, only safari is the problem
I have a website that is hosted in apache web server under ubuntu. Now i setup a reverse proxy (ARR) in IIS (windows server 2016) to point the subdirectory (/daily) to the website that is hosted in apache web server - ubuntu. When i try to access the website via safari on iOS, the website is not loading (The loading bar appears on the top-left corner; The loading bar disappears (almost immediately); I am back on the page I was before - The page was not reload, it is as if I did nothing...) however when i try to access it in chrome (laptop, android, pc), firefox, internet explorer and other non-ios browser, i can load the website successfully.This is the twist: when i try to access the website in ios safari using http (not secure), the page was loaded successfully.
I have tried another setup:
Instead of using apache web server for the reverse proxy website, i tried to use different server but this time its hosted in IIS, windows server 2016 and setup the same thing (same SSL certificate, same content). When i try to access this in safari ios (https & http), the page was loaded successfully.
I am guessing that there is an issue in reverse proxy that points to the apache web server when accessing via https in safari ios. It's really weird and i don't know what is really the issue here because when i try to access a normal website that is hosted in IIS along with the reverse proxy, i can access them successfully.
I hope you guys can help me in this issue.
This is the website url: https://www.investagrams.com/daily/ (you can also test them --- try to access in ios safari it would fail, and other browser --- all successful).
I did some research and this happens because iOS 11 is improperly negotiating a HTTP/2 TLS connection and the connection fails. Microsoft has a fully supported workaround, which disables HTTP/2 TLS connections.
More information about the issue can be read here: https://www.essential.exchange/2017/09/18/ios-11-about-to-release-things-to-be-aware-of/
Workaround
Disable HTTP/2 until its fixed by Apple.
To enable or disable HTTP/2, follow these steps:
Start regedit (Registry Editor).
Move to this subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters
Set DWORD type value EnableHttp2Tls to one the following:
Set to 0 to disable HTTP/2
Set to 1 to enable HTTP/2
Restart the computer.
Reference: https://support.microsoft.com/en-us/help/4032720/how-to-deploy-custom-cipher-suite-ordering-in-windows-server-2016
I am using rails 4.2.2, deploying to production on Heroku and using the free level of Cloudflare for ssl. In my production.rb file I have set
config.force_ssl = true
If I am not signed in as a user, then ssl works and I see the padlock in the browser url bar, and I see it for all unsigned-in pages. However, once I log into the site, the padlock disappears on all signed-in pages. When I am signed in and chose a different signed-in page, the padlock temporarily appears as the page is being loaded but then disappears when the loading is complete. All this happens on both Chrome and Safari. I am not using Devise.
What could be causing this?
If you are using devise, take a look at this:
https://github.com/plataformatec/devise/wiki/How-To:-Use-SSL-(HTTPS)
Thanks to the support team at Cloudflare, I was able to solve this.
The signed in users can use a gravatar, but the gravatar_image_tag was not being used with the secure setting. This meant the image was being transferred using http not https. This could be seen by looking at the developer console, which was displaying an error indicating the page was displaying with mixed http and https. In order to fix this problem, I just used the secure setting for the gravatar_image_tag.
In my case, the page accesses to some in-secure asserts (ex: images in AWS S3). Chrome Developer Console shows that the page is mixed-secured. Change S3 image links from http to https make ssl works.
I'm having an issue in Google Chrome regarding SSL. Basically my app is using a CSS file that is hosted on an SSL domain and served by a Rails 2 app. When I look into the Network tab, it shows a 403 status when loading the file. However, the file is loaded successfully when I open it in a new tab.
Does anyone know why this happens and how to get around it?
I successfully installed an SSL certificate on my website but Chrome strikes through "https" saying there are still some resources on the website that are not secure. I made sure there's no reference to http on my webpages and also replaced the google's ajax js file with https version. How do I find what else is unsecure on my website and make sure my website is secure for users to browse and do stuff?
Chrome can show you everything that it's loading for a page. This is what you could do on the OS X version, the menu locations and/or modifier keys might be slightly different on other version.
In Chrome, open up View -> Developer -> Developer Tools
Click on Network.
Hold Shift and click the refresh button.
You should see a list of every network request made for that page. Look for one that is using http instead of https.