13 replies to this topic

[bwit]

We recently got the SSL installed on one of our website : www.bongsnbongs.com

but we keep on getting the error that the site contains both secure and insecure links after I click on any product which comes in HTTPS url as there are some HTTP links also .

I recently checked another good Oscommerce website http://www.mrgadget.com.au/catalog/
and for SSL which comes after Checkout it goes to

https://secure.mrgadget.com.au

Also NOTE that the error for secure and insecure links do not come even in IE although the links on this website have both HTTP and HTTPS .

My Query is :
1) they have the SSL to "secure.mrgadget.com.au" and not to "www.mrgadget.com.au" . Is it better to have the SSL like thi instaed of the complete URL
2) Why this website do not have secure and insecure prompt though if you check the source it has both HTTP and HTTPS links
3) How to enable SSL only on CHECKOUT
4) How is it possible that they have all the product and category links to HTTP even if they are in HTTPS domain

Any inputs from you is appreiciated

[Jack_mcs]

1 - it doesn't matter. Whichever sounds best to you is the one you should use. But if you purchased the ssl for www.bongsnbongs.com, it won't work for secure.bongsnbongs.com. You would have to purchase another one.

2 - The non-secure message is usually caused by some link you have on your shop that is not secure.

3 - It's automatically done by the code in the shop.

4 - That is how it will work if the configure file is setup correctly.

[bwit]

Jack_mcs, on 04 November 2009, 12:55, said:

1 - it doesn't matter. Whichever sounds best to you is the one you should use. But if you purchased the ssl for www.bongsnbongs.com, it won't work for secure.bongsnbongs.com. You would have to purchase another one.

2 - The non-secure message is usually caused by some link you have on your shop that is not secure.

3 - It's automatically done by the code in the shop.

4 - That is how it will work if the configure file is setup correctly.

Thanks for the reply .

If you check this site http://www.mrgadget.com.au/catalog/

This also have non secure links when it goes to HTTPS URL after checkout . You can do View Source Code and see it . But the error or Prompt do not come on this site . You can see that all the category links still remain to HTTP even in HTTPS URL
How do others do if they have SSL on there sites becuase everyone will have some or the other cross links or statcounter etc.

Any help is appreciated .

[Jack_mcs]

The non-secure links I mentioned refer to links to other sites, not your own.

[danut82]

Jack_mcs, on 04 November 2009, 16:52, said:

The non-secure links I mentioned refer to links to other sites, not your own.

i have the same problem here
but in my case is the .css file which are calling pictures to define the site
once i delete this links are working, remain in ssl mode
what can i do?

Edited by danut82, 06 November 2009, 17:00.

[Jack_mcs]

danut82, on 06 November 2009, 16:48, said:

i have the same problem here
but in my case is the .css file which are calling pictures to define the site
once i delete this links are working, remain in ssl mode
what can i do?

That should only happen if the links are absolute. Try changing them to relative links like

url(images/some_image.jpg)

[danut82]

Jack_mcs, on 06 November 2009, 17:26, said:

That should only happen if the links are absolute. Try changing them to relative links like

url(images/some_image.jpg)

yes the links are defined like this:

 background-image:url(images/head_cauta7.gif);

the version whithout links are here and it's ok

thanks

Edited by danut82, 06 November 2009, 20:55.

[bwit]

Jack_mcs, on 04 November 2009, 16:52, said:

The non-secure links I mentioned refer to links to other sites, not your own.

So you say that if we host the website on one URL and have the SSL on any any Subdomain like in this site they have the SSL on secure.domainname.com will work and we will not have any prompts .

But I have seen that if on HTTPS site we have any links of HTTP even the statcounter or google analytics then also the prompt comes

[Jack_mcs]

It is caused by a non-secured external link. google analytics is an external link. Is it secure?

[bwit]

Jack_mcs, on 09 November 2009, 12:29, said:

It is caused by a non-secured external link. google analytics is an external link. Is it secure?

If you check http://www.mrgadget.com.au/catalog/ and go to checkout page when the site goes on HTTPS , it also have both links HTTP and HTTPS on one page . But the secure nonsecure prompt does not come

[Jack_mcs]

bwit, on 09 November 2009, 14:57, said:

If you check http://www.mrgadget.com.au/catalog/ and go to checkout page when the site goes on HTTPS , it also have both links HTTP and HTTPS on one page . But the secure nonsecure prompt does not come

Please list the links on that page that are to external sites.

Edited by Jack_mcs, 09 November 2009, 16:55.

[bwit]

Jack_mcs, on 09 November 2009, 16:53, said:

Please list the links on that page that are to external sites.

https://secure.mrgadget.com.au/catalog/login.php

Just click on Login link and it will open the above link. Note that for HTTPS , it has moves to a subdomain "secure" within that domain .
And if you take the mouse on any Categories or click on any categories or just do "view Source" and Find "HTTP" on that page you will see that there are many HTTP links with Full URL path in the HTTPS page .
Still there is no prompt from the browser

[germ]

bwit, on 10 November 2009, 06:55, said:

https://secure.mrgadget.com.au/catalog/login.php

Just click on Login link and it will open the above link. Note that for HTTPS , it has moves to a subdomain "secure" within that domain .
And if you take the mouse on any Categories or click on any categories or just do "view Source" and Find "HTTP" on that page you will see that there are many HTTP links with Full URL path in the HTTPS page .
Still there is no prompt from the browser

"Links" to other sites or pages don't cause the "non secure items" warning.

That happens only if you try to load content (usually scripts or images) from HTTP sources on HTTPS pages.

[Jack_mcs]

bwit, on 10 November 2009, 06:55, said:

https://secure.mrgadget.com.au/catalog/login.php

Just click on Login link and it will open the above link. Note that for HTTPS , it has moves to a subdomain "secure" within that domain .
And if you take the mouse on any Categories or click on any categories or just do "view Source" and Find "HTTP" on that page you will see that there are many HTTP links with Full URL path in the HTTPS page .
Still there is no prompt from the browser

You're not listening to what I am saying. The site is mrgadget.com.au. The http links you mention are to mrgadget.com.au. Those are not to an external site. If you have a link to abc.com on that page, that is an external site and may cause a problem. So on the page where you are having a problem, find links that are going to some external site. That is where the problem will be. It could be due to how the cert is installed but in almost all cases it such a link.