ace0195 Posted March 30, 2012 Share Posted March 30, 2012 So I recently installed an SSL certificate and on some parts of my site (like my ToS page, etc) it will show the green padlock in chrome but even though I have SSL enabled in WHMCS it will show the red padlock due to making insecure calls, how can I make it call images, javascript etc using SSL when an https connection is used? 0 Quote Link to comment Share on other sites More sharing options...
bear Posted March 30, 2012 Share Posted March 30, 2012 You'd need to look at the pages that aren't working properly and determine what isn't being called properly. Usually it's when you have modified the template and made absolute calls to some elements instead of relative, since WHMCS elements all work when using SSL. Simplest way to find it would be to view the problem pages code and search for "http://". That will show outbound links, but will also usually reveal improper calls. 0 Quote Link to comment Share on other sites More sharing options...
m8internet Posted March 30, 2012 Share Posted March 30, 2012 This is a local browser issue, you need to enable mixed content Alternatively as above, make sure all the URL are relative If you have used any custom code then make sure that any using absolute URL are correctly using https 0 Quote Link to comment Share on other sites More sharing options...
bear Posted March 30, 2012 Share Posted March 30, 2012 This is a local browser issue, you need to enable mixed contentAre you suggesting that allowing quirks mode is secure? 0 Quote Link to comment Share on other sites More sharing options...
m8internet Posted March 30, 2012 Share Posted March 30, 2012 Are you suggesting that allowing quirks mode is secure? I have noted a similar issue when viewing amazon.co.uk recently If the allowed mixed content is set to off in the browser then you get a security warning This has happened to a few people I know, usually after updating their browser or resetting the security settings 0 Quote Link to comment Share on other sites More sharing options...
bear Posted March 30, 2012 Share Posted March 30, 2012 Unfortunately, turning off the warning opens holes by not letting you know it's possibly a bad connection, and is not recommended. If you deliver most of the content via SSL but something like a script (javascript, for instance) via normal http, there's nothing to verify the script came from a secured source and could actually be tampered with en route as it's not encrypted. This defeats the purpose of SSL encryption overall and is to be avoided. I won't willingly disable this or recommend to others to do something that is meant to protect me while I browse a secure connection. Just sayin'. a bit of info: http://googlechrometutorial.com/google-chrome-advanced-settings/Google-chrome-ssl-settings.html#ControlDisplayofMixedContentonSecureWebpages 0 Quote Link to comment Share on other sites More sharing options...
xboss Posted March 30, 2012 Share Posted March 30, 2012 go here: http://whynopadlock.com Fix all the problems and enjoy! 0 Quote Link to comment Share on other sites More sharing options...
laszlof Posted March 30, 2012 Share Posted March 30, 2012 go here: http://whynopadlock.com Fix all the problems and enjoy! Cool site. bookmarked for future needs 0 Quote Link to comment Share on other sites More sharing options...
ace0195 Posted March 30, 2012 Author Share Posted March 30, 2012 Thanks for the help guys, the issue was I had some custom Javascript in the footer that was making non ssl calls. 0 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.