trying to get ssl to work on php page

Forum Moderators: buckworks

Message Too Old, No Replies

trying to get ssl to work on php page

ssl php page certificate

namanimal

1:35 pm on Aug 4, 2008 (gmt 0)

Hi, I bought an ssl certificate for my site. I'm pretty sure I can make all of my html pages go to https instead of http for the forms that i need to be secure.

My issue is that the members area of my site is .php and there is one page, /funds.php that i need to make secure. even if i forward the page to [site.com...] it gives me the message that part of the page is secure and part is not. I read that all of the things on the page have to have https so i went into the php code on the funds page and made every link https. The issue might be that the static areas of the php page are not on https because they are located in a dozen other files on my server. let me know what you think the issue is. I really need that area secure becuase it is where they use their credit card.

also i'm using paypal website payments pro to process cards. is it possible that the form will be secure regardless because i'm using their services and its going through them first?

Thanks a lot

ytswy

2:41 pm on Aug 4, 2008 (gmt 0)

Check that you are not using any images that are served from http:// - that would cause the warning.

rocknbil

4:13 pm on Aug 4, 2008 (gmt 0)

I read that all of the things on the page have to have https so i went into the php code on the funds page and made every link https. The issue might be that the static areas of the php page are not on https because they are located in a dozen other files on my server.

First, understand that any links to non-SSL pages will NOT create this error. In your page,

<a href="/contact.html">contact</a>
<a href="http://www.yoursite.com/contact.html">contact</a>

Neither of these will kick the error. The first will lead to https:.... because it's relative to the current location. The second will lead to a non-https version, which is preferred, as secure pages are slower - but neither will create the error on the current page.

The error is in something on the page, right now, that is not a secure version.

Some commonly overlooked items:
- If you use Google Analytics, link to the secure version from analytics pages (https://ssl.google-analytics.com/urchin.js)

- If you use Flash, link to the secure version of the player download (don't have the URL handy)

- any affiliate programs or Javascript-injected content in your page must come from an SSL page.

Remove elements one by one until the error goes away.

ytswy

7:59 pm on Aug 4, 2008 (gmt 0)

The thing to do is browse to the page that is giving the warning, then right click > view source and then do a find on the code for "http:" (without quotes).

Ignore anything which is in an anchor tag (ie <a href="http://.. ..> ). Whatever else you find is probably the cause of the problem.

bwnbwn

9:45 pm on Aug 4, 2008 (gmt 0)

Do you have a tracker on the page I found this is usually the cause of the warning.