[SOLVED] Firefox shows no validation entry...? (Mac OS) - Nginx Webserver


#1

I have now used a few howtos to implement the SSL certificates on my nginx webserver (running on Centos7)…

but still every browser I use to check the SSL connection tells me the connection is unsecure.
SSL Test works fine… as you can see here: https://www.ssllabs.com/ssltest/analyze.html?d=digitalaudioservice.de
But still, when going to the domain https://digitalaudioservice.de it says there is no validation entry.

Heres my nginx configuration:

ssl_certificate /etc/letsencrypt/live/digitalaudioservice.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/digitalaudioservice.de/privkey.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES1$
ssl_prefer_server_ciphers on;

ssl_dhparam /etc/letsencrypt/live/digitalaudioservice.de/dhparams.pem;

ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/letsencrypt/live/digitalaudioservice.de/chain.pem;

does anybody have any idea??


#2

I see 85 mixed content alerts. Your site HTTP hard-codes literally its every piece.

Mixed Content: The page at ‘https://digitalaudioservice.de/’ was loaded over HTTPS, but requested an insecure stylesheet ‘http://fonts.googleapis.com/css?family=Droid+Sans:400,700’. This request has been blocked; the content must be served over HTTPS.

Mixed Content: The page at ‘https://digitalaudioservice.de/’ was loaded over HTTPS, but requested an insecure script ‘http://digitalaudioservice.de/js/jquery-1.6.4.js’. This request has been blocked; the content must be served over HTTPS.

Mixed Content: The page at ‘https://digitalaudioservice.de/’ was loaded over a secure connection, but contains a form which targets an insecure endpoint ‘http://digitalaudioservice.de/catalogsearch/result/’. This endpoint should be made available over a secure connection.

Mixed Content: The page at ‘https://digitalaudioservice.de/’ was loaded over HTTPS, but requested an insecure image ‘http://digitalaudioservice.de/skin/frontend/default/default/images/flags/german.gif’. This request has been blocked; the content must be served over HTTPS.

Mixed Content: The page at ‘https://digitalaudioservice.de/’ was loaded over HTTPS, but requested an insecure favicon ‘http://digitalaudioservice.de/skin/frontend/default/default/favicon.ico’. This request has been blocked; the content must be served over HTTPS.

Have you ever heard about https://www.whynopadlock.com/ service?

Total number of items: 180
Number of insecure items: 177

Insecure call.
Found on line # 152 in file: digitalaudioservice.de/index.html


#3

Funny thing!!!

Thanks a lot man!

I forgot to tell magento to use the secure line for everything ;)…