SSL Hosting - Secure Everywhere - Tips for the Wise

Changing all our websites to SSL is not as straightforward as we hoped. Many websites include custom styles, scripts, iframes, etc. that are not secure. Manual updates may be required on many websites to gain SSL status.

A Few New Hurdles

If your websites include "non SSL" javascripts, stylesheets or iframes, then the SSL version of your website will not be fully SSL compliant, and may show a warning message to users.

e.g. custom fonts, Facebook plugins, social plugins, Facebook pixel, Google Analytics, etc.

What to do 

1 - First attempt to view the https:// version of your website. 

2 - If you see a green padlock in the top left of the address bar in Google Chrome, then you know all is well. Ignore the rest of this guideline, you have nothing more to do. :-)

3 - But if you see a grey (i) in a circle as in the image below, then you have issues you need to fix.

4 - Press the (i) icon above (in your web browser), then, next to the message "your connection is private, but someone....", click DETAILS.

5 - If you see a message like "the page is not secure", please go back to step 1, and enter https:// before your web address.

6 - If you see "your certificate is not valid" then you may need to wait for us to generate your SSL certificate. If errors previously occurred with your domain not being live, or being redirected, you can request a new certificate at the base of our domains DNS screen.

7 - Review the information provided by the Chrome security overview screen. It will likely have a section called "mixed content", and list a bunch of websites that your website is referencing, but not via the https protocol. These are the hints of what you need to fix. Perhaps they are in your templates or meta includes area, or perhaps they are content related to maps or videos or other embedded iframes.

8 - Fix everything on your website, publish, wait a few minutes for that, clear your cache, and then go back to step 1 and try it again.

Tip Re Protocol Matching

Please ensure that all third-party services are linked using the https version, or using // (which takes on the protocol of the page that includes it).

For example,

BAD:  (do not link to insecure scripts from a secure page)

GOOD: (protocol unaware)

ALSO GOOD (force SSL)
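
An added example (not part of the original post): a small Python scanner that lists the scripts, stylesheets and iframes a page template loads and labels each one BAD, GOOD or ALSO GOOD as in the tip above, so the "mixed content" items from step 7 can be found in the source before publishing. The sample HTML and the example.com hosts are constructed placeholders, and `scan`, `classify` and the other names are hypothetical.

```python
from html.parser import HTMLParser

# Tags whose URL attribute makes the browser fetch a subresource.
SUBRESOURCE_ATTRS = {"script": "src", "iframe": "src", "img": "src",
                     "embed": "src", "source": "src", "link": "href"}
# <link> only triggers a fetch for these rel values (canonical etc. do not).
FETCHED_RELS = {"stylesheet", "icon", "preload"}

def classify(url):
    """Label a reference the way the tip above does, for an https page."""
    u = url.strip().lower()
    if u.startswith("http://"):
        return "BAD"        # insecure fetch from a secure page: mixed content
    if u.startswith("//"):
        return "GOOD"       # protocol-relative: inherits the page's scheme
    if u.startswith("https://"):
        return "ALSO GOOD"  # always fetched over SSL
    return "LOCAL"          # relative path on the same site

class MixedContentScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (line, tag, url, verdict)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        url = a.get(SUBRESOURCE_ATTRS.get(tag, ""))
        rels = set((a.get("rel") or "").lower().split())
        if not url or (tag == "link" and not rels & FETCHED_RELS):
            return
        self.findings.append((self.getpos()[0], tag, url, classify(url)))

def scan(html):
    scanner = MixedContentScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample template; the example.com hosts are placeholders.
SAMPLE = """<html><head>
<link rel="stylesheet" href="http://fonts.example.com/font.css">
<link rel="canonical" href="http://www.example.com/">
<script src="//cdn.example.com/widget.js"></script>
<script src="https://analytics.example.com/ga.js"></script>
</head><body>
<a href="http://www.example.com/about">About</a>
<iframe src="http://maps.example.com/embed"></iframe>
</body></html>"""

if __name__ == "__main__":
    for line, tag, url, verdict in scan(SAMPLE):
        print(f"line {line}: <{tag}> {url} -> {verdict}")
```

Ordinary `<a href>` links and `rel="canonical"` are skipped because the browser does not load them as part of the page; only the entries marked BAD need to be changed to https:// or //.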

 

Tags: web hosting  

Posted: Tuesday 8 November 2016