The reason you do not get the security warning at home is that you have probably deactivated the display of the warnings in your browser settings.

All your customers with default security settings in their browsers will most likely get this error message.

By the way: If you had posted the exact error message in your post your problem would probably be solved already by someone in this forum...

So all I can do now is guess...:(

Was it ""This page contains both secure and nonsecure items. Do you want to display the nonsecure items."

In this case you have embedded elements, for example pictures on your website with "http:" instead of "https:". You would need to change the URLs then.

Or was it something like: "You are leaving a secure site." Which is not an error message but only a browser warning that the customer is leaving the SSL area and vistiting an area on your website that is not SSL protected. The display of this information is a default security setting for most browsers.

Sorry for not posting the correct message (was outside of my own office / note tools), but it was this one:

There is a problem with this website's security certificate.
The security certificate presented by this website was not issued by a trusted certificate authority.
The security certificate presented by this website was issued for a different website's address.

Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.
We recommend that you close this webpage and do not continue to this website.
Click here to close this webpage.
Continue to this website (not recommended).

And this is don't understand as I have a valid certificate running for 25 days. But it is not an EV certificate.

There is a problem with this website's security certificate.
The security certificate presented by this website was not issued by a trusted certificate authority.
The security certificate presented by this website was issued for a different website's address.

It sounds like your certificate was self-generated by the server.

The second problem is that your certificate is not matching your domain. Are you on shared hosting?

In this case you have embedded elements, for example pictures on your website with "http:" instead of "https:". You would need to change the URLs then.

Or better yet drop both and simply use "/".

[edited by: MLHmptn at 11:52 pm (utc) on May 25, 2009]

I believe the explanation is that I typed "https://www.mydomain.com" rather than "https://mydomain.com"

Fortunately my customers wouldn't notice, as they will entirely use the non-www address.

Thanks for your help!

As I am going to renew my SSL-certificate shortly, I would like to hear your opinion on whether it is - or will become - neccesary to go for an EV-certificate? I was contacted from Comodo who told me that based on new security settings in the major browser from 1/1-2010, the need for an EV-certificate would increase. I suspect that perhaps people would get some kind of warning if the certificate is not sufficiently certified/validated?

personally I think it's a racket. But it wouldn't be the first time nor the last that a business was forced to drop a bunch of $$ on some silly thing that corporations thought up to increase their bottom line.

As for the canonical issue with the www. You can solve that by redirecting any traffic to the www.domain.com url to the non-www version fairly easily.

Forget the EV-cert. It's a racket to make more $$. Their "security setting in major browser" argument is a joke, as it would break 99% of all certs in existance.

Count how many websites (that you visit) have EV certs in the past 18 months since they became available. Couple dozen at most? Is Amazon on that short-list?

rhonda427 one thing I would suggest is put the new certificate under a subdomain to stop any SE's problems.