|
Chris Smedley
|
October 5, 2015 at 11:30 am
Hi
We’ve installed an SSL certificate on site. It’s working fine on the admin login page but has a yellow triangle in the address bar for the registration pages and a message that says:
Your connection to http://www.thenegotiatorconference.co.uk is encrypted using a modern cipher suite. Further, this page includes other resources which are not secure. These resources can be viewed by others while in transit, and can be modified by an attacker to change the look of the page.
The connection uses TLS 1.2.
The connection is encrypted and authenticated using AES_128_GCM and uses ECDHE_RSA as the key exchange mechanism.
How can we get rid of this and get the green lock or bar showing instead?
Thanks
Chris
|
|
Lorenzo Orlando Caum
|
October 5, 2015 at 12:40 pm
Hi Chris, that can happen if there are http resources while you are on an https page. That triggers insecure errors.
There are some tools that can help fix those links. Try this plugin:
https://wordpress.org/plugins/ssl-insecure-content-fixer/
—
Lorenzo
|
|
Chris Smedley
|
October 6, 2015 at 9:08 am
Hi Lorenzo
Thanks for getting back to me.
The issue only seems to be happening in Chrome. I’ve installed the plugin and tried it in default mode, which hasn’t changed the warning. I’ll look at it’s other settings.
All the best
Chris
|
|
Tony
|
October 6, 2015 at 9:33 am
Hi Chris,
Can you link us to one of your event pages please so we can view this please?
|
|
Chris Smedley
|
October 6, 2015 at 9:48 am
Hi Tony
Here you go:
https://www.thenegotiatorconference.co.uk/registration-checkout/#checkout
You’ll need the login that I just submitted via a support ticket for the address shortcodes.
Thanks
Chris
|
|
Lorenzo Orlando Caum
|
October 6, 2015 at 11:09 am
Hi Chris, there are a few resources such as a stylesheet and some images that are being loaded over http:
http://cl.ly/image/1H3N3D190U3y
This is triggering the insecure content. Could you try one of the higher settings for the insecure content fixer plugin?
—
Lorenzo
|
|
Chris Smedley
|
October 6, 2015 at 2:04 pm
Hi Lorenzo
I’ve tried turning up the plugin and unfortunately it makes no difference.
We’ve a broken registration page with an error message, I’m just looking into server caching as Tony suggested, but could it be tha the stylesheet and images are loading over http?
Thanks
Chris
|
|
Lorenzo Orlando Caum
|
October 7, 2015 at 8:00 am
Hi Chris,
That is what we found. You can update the URLs for the images for the page and that should clear up about half of the warnings here:
http://cl.ly/image/1H3N3D190U3y
However, the addthis sharing option may be from a plugin so that is why we recommended raising the settings on the insecure context fixer plugin and re-testing.
Which option broke registration checkout?
—
Lorenzo
|
|
Chris Smedley
|
October 7, 2015 at 8:29 am
Hi Lorenzo
I’ve cleared up a few of the errors, the registration page is under https.
I had to move it out of the home page onto it’s own page, which works ok.
I’m not sure what broke the template, we’re still investigating.
There is something not quite right on the home page with https, which we are also looking into, but at least the registration page is secure.
Thanks for all your help, it’s very much appreciated.
All the best
Chris
|
|
Chris Smedley
|
October 8, 2015 at 5:49 am
Hi Lorenzo
Thanks for your help with this. I’ve managed to resolve the issues we where having.
It was a setting in the force https plugin, infact both ‘CCS-HTTPS’ and ‘Force HTTPS’ broke the page. This plugin seems a little more subtle ‘WordPress HTTPS’ and allows certain pages to be under https. So now it’s just the admin pages and the registration page that are under https.
Error warnings were coming up in Chrome because I was logged in as an admin user.
Again, thanks for your help, it’s very much appreciated.
All the best
Chris
|
