my https website is not secured?

Forum Moderators: coopster

Message Too Old, No Replies

my https website is not secured?

it's missing a lock symbol

someone

11:31 pm on Jan 4, 2006 (gmt 0)

Forgive me if I posted this in the wrong forum, I wasn't sure where I should post it. I have a website that is using secure socket layer, but it's missing a lock symbol in the status bar in IE. You know how when you view any websites with a htpps:// URL, you will see a lock symbol on the status bar in IE or in Firefox, it would be on the right hand side inside the Address bar. What's going on with my https:// site, does that mean it's not secured afterall?

FalseDawn

12:31 am on Jan 5, 2006 (gmt 0)

You probably have hard coded links to non-secure items (images, maybe?) in your page somewhere.

View the source code of the page in question and search for HTTP://

someone

12:52 am on Jan 5, 2006 (gmt 0)

I do have links to non-secure items like images, style sheet (http://). So that's why I don't get the lock icon? But technically speaking, my site is secured, right? Since it's still under the secure socket layer?

encyclo

1:46 am on Jan 5, 2006 (gmt 0)

To be a secure site every object on the page must be served from a https URL, including scripts, stylesheets and images. You need to either have duplicate copies of such elements available on the secure sites, either by copying the files or symlinking them on the server.

someone

2:59 am on Jan 5, 2006 (gmt 0)

To be a secure site every object on the page must be served from a https URL, including scripts, stylesheets and images. You need to either have duplicate copies of such elements available on the secure sites, either by copying the files or symlinking them on the server.

Well, i am indeed using symbolic linking. Basically, I have two sites, one secured and one non-secured. My secured site (https) is a symbolic link to my non-secured site. So all the content in my secured site is indeed served by my non-secured site. I did it like this because I didn't want to have duplicate files (such as style sheet, template) in both sites.

MatthewHSE

2:30 pm on Jan 5, 2006 (gmt 0)

The way I got around this was by using relative URL's for every image, javascript, stylesheet, etc. Note that referencing files by http:// on a https:// page will result in a "non-secure content" warning in some versions of IE, which could well scare off some visitors.

someone

7:42 pm on Jan 5, 2006 (gmt 0)

I just want to thank everyone for your answers. I totally didn't know that having http content in a https site would make it look unsecured. This board is the best! Thanks!