Welcome to WebmasterWorld Guest from 3.93.75.30

Forum Moderators: open

Message Too Old, No Replies

Mobile apps give Invalid Cert warning

     
10:30 am on Jul 11, 2015 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12913
votes: 893


My responsive-design site (in profile) has done extremely well over the last year. However, after recently upgrading my mobile phone and adding a few apps, I was alarmed to see that Facebook for Android displays a warning when I follow a link to my site:
"Warning - there is a security issue with this site. Go Back or Ignore Warning and Continue to Site."
Whoa - Imagine how many visitors are being scared away when they see this!

My site is not SSL encrypted, I do not have any HTTPS pages, nor do I have a cert installed. All my pages validate with W3C and browsers render in Standards Compliant mode.

However, the W3C mobileOK Checker identified the culprits: 4 outgoing HTTPS links to Youtube, Facebook, Google+ and Twitter. I have these Social Media icons in my header for all pages. These links are triggering FB's security check for a valid SSL cert and when not found, causing the warning (I assume.)

The links are part of a successful social media campaign so they need to stay, but that warning needs to get resolved.

Question - even though I have no plans to switch to HTTPS protocol, would installing a SSL cert get rid of the warnings?
1:32 pm on July 11, 2015 (gmt 0)

Administrator from US 

WebmasterWorld Administrator not2easy is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Dec 27, 2006
posts:4464
votes: 332


If you change the outbound links to http: do they resolve (change to https: at their destinations)? Incoming http: links should serve https: content on those sites.
8:54 pm on July 11, 2015 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12913
votes: 893


Two of the links are generated by remote hosted scripts: Google+ and Facebook. The code generated creates a HTTPS URL.

However the Twitter link is non-HTTPS yet W3C includes it as a trigger.

A reply from my server admin says a cert would not remedy the issue.
4:04 am on July 13, 2015 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12913
votes: 893


Stll looking for a fix or at least a work-around.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members