I have an SSL certificate set up, and when I use the https prefix Google Chrome puts a skull next to it and crosses out the https. Here's what the security information says:

The identity of this website has been verified by Go Daddy Secure Certification Authority.

Your connection is encrypted with 128-bit encryption... However, this page includes other resources which are not secure.

What am I doing wrong?

+3  A: 

This means that you are linking to a resource (CSS, JavaScript, image, etc) on your website that does not have an SSL connection.

Check that all of your images, JavaScript, and CSS links are either relative (e.g. starting with \ or image\myimage.png, not http://www.mysite.com/images/myimage.png) or linking to an SSL site as well.

A common cause of this issue can be Google AdSense, which does not offer an SSL option for ad serving. Similar JavaScript links may also be "breaking" your SSL's "validity".

userx
OK, that makes sense, but how would I handle a link that comes from a CDN such as <script src="http://cdn.jquerytools.org/1.2.4/full/jquery.tools.min.js"></script>? If that web site has an SSL cert installed then fine. But what if it doesn't? I don't want my users thinking my page is insecure.
nick
Host the script yourself
Gareth
@Gareth - Then I lose the awesomeness of a CDN.
nick
@nick you may lose the awesomeness of a CDN, but you also lose the security. The main reason mixed content is flagged up as bad is that you can't expect your users to go through your page to figure out which part was safe to retrieve even without HTTPS and which part was (not mentioning that you're not guaranteed the integrity of the JavaScript and other contents you load this way).
Bruno
@nick While not advertised by Google, as far as I know, (so it is possible it will be broken in the future), their jQuery CDN links can be used with https. For example https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js
userx
Just noticed that you're using more than just jQuery, so relying on Google won't fully solve your problem. IMHO though, CDN hosting for small bits of a website like JavaScript files is more trouble than it is worth (now you have to count on them not being down, their website not being blocked, a separate DNS resolution, them not removing or changing the JavaScript file, etc.). If applicable licenses allow, I'd recommend hosting the JavaScript file yourself.
userx
A: 

This occurs when you are using items that are not protected by your SSL cert. This could be items not under the SSL settings on your web server or if you are using items from another server entirely for example.

In Chrome you can set all insecure content to be blocked to see what breaks and fix it.

OR

Use Firebug in Firefox and see if there are any files that are being grabbed with the http protocol in the net tab.

klabranche