Secure on mobile, but not secure on computers


#1

I just installed my SSL and changed all http to https and I have the green padlock for mobile devices, but not on computers. Does the http count for the backend like php code? Also to note, I used https://www.ssllabs.com/ssltest/ to check and the grade was “A”. I noticed that the second certificate has no SNI and the names were mismatched. Could that also be the reason?


#2

Hi,

That means you have a not fully secure website (load some of the resources using http link). Upgrade all links in your webpage to make sure it’s all loaded via https. whynopadlock.com can also helps you.

You do t necessarily need to provide full (sni) support. (SNI just help you reach some clients who use XP or before)
That will not be the reason.

Thank you

Thank you


#3

@stevenzhu I used whynopadlock and it said SSL pass and no mixed content. I am going to changed the http in the backend and see if that helps.


#4

Maybe the computer browser can tell you the reason if you click on the security indicator icon in the browser address bar.


#5

The icon that looks like a shield? It says something about insecure scripts are being loaded


#6

This means that the scripts are loaded from http:// URLs instead of https:// URLs. I would have expected whynopadlock to identify that problem, but anyway that provides a good explanation. You should be able to change the references in the <script src="http://example.com/script.js"> to https:// and fix the problem.


#7

Ok, One last question, Is it everything in the pubic_html folder? That have to be HTTPS?


#8

Every script, image, frame, or stylesheet reference (among other things, apparently) should point to an HTTPS origin in order to avoid a mixed content error.

Edit:



Lets encrypt integration with NGINX and tomcat
#9

If one would start using src="//example.com/script.js", these problems wouldn’t exist. See RFC 3986 section 4.2: Relative Reference.


#10

Yes, but it would raise a flag when testing for content-security-policy…

So it’s better to use a https before those slashes.


#11

@stevenzhu and @schoen so I found out that browsing history can lead to a false broken padlock. I tried another computer and it showed the green padblock. But all of your tips are noted, thank you!


#12

If you can use FireFox or Chrome (Desktop), test

Ctrl + Shift + I

to open the webmaster tools / developer tools.

There is a console, there are the wrong links listed.


#13

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.