Ssl Implementation Problem

[Guest topdotter]

Hi,

I've gotten the SSL cert installed by my host and following the directions on CC's support, tried going to https://www.silkknots.com. However, when I do that it redirects to http (which would seem to make sense since the homepage isn't supposed to run under the SSL cert) but it also appends

?ccuser=xxxxxxxxxxxVALUExxxxxxxx

.

Further, when going to a page that DOES require SSL, such as the the view cart page, the padlock appears locked briefly while the page is loading and then unlocks as soon as the page is done loading.

It's a rapidSSL cert issued (or backed) by Equifax.

Shmuel

[Homar]

Hi,

I've gotten the SSL cert installed by my host and following the directions on CC's support, tried going to https://www.silkknots.com. However, when I do that it redirects to http (which would seem to make sense since the homepage isn't supposed to run under the SSL cert) but it also appends

?ccuser=xxxxxxxxxxxVALUExxxxxxxx

.

Further, when going to a page that DOES require SSL, such as the the view cart page, the padlock appears locked briefly while the page is loading and then unlocks as soon as the page is done loading.

It's a rapidSSL cert issued (or backed) by Equifax.

Shmuel

Works fine for me in FireFox. Just a note, avoid using absolute URLs. This will cause browsers to notify the user that some content is not secure. In your case, I think it's the Google Analytics that's causing this.

[Guest topdotter]

Works fine for me in FireFox. Just a note, avoid using absolute URLs. This will cause browsers to notify the user that some content is not secure. In your case, I think it's the Google Analytics that's causing this.

Homar, even in Admin where it says "Absolute URL"?

[Homar]

Works fine for me in FireFox. Just a note, avoid using absolute URLs. This will cause browsers to notify the user that some content is not secure. In your case, I think it's the Google Analytics that's causing this.

Homar, even in Admin where it says "Absolute URL"?

Sorry. I didn't explain very clearly. When added an item to the cart and clicked 'View Cart', SSL was active (worked fine).

If a page contains both SSL and non-SSL components, the visitor will be notified - 'This page contains both secure and non-secure items - do you want to continue...'. To avoid this notification, you must ensure that all the components of your page are able to load via a secure connection (https://).

If you set (let's say) an image to display and set its path to http://www.example.com/image.png, the image will NOT load via a secure connection (due to the http:// and not https://). If you set the image's path to be relative to the current page- e.g. /image.png, the image will load via a secure connection.

I took a look at your source code and tried to find where absolute paths were used. I found that you were using google analytics. This loads a javascript from Google through a non-secure connection. Therefore, users will be notified that the page contains both secure and non-secure elements.

Just to clarify, your SSL certificate and implementation seems to be working fine. The only minor issue is the use of a non-secure item (and hence the notification).

[Guest topdotter]

Thanks Homar, that made it work. Just for everyone else, at this point in time, the Google Analytics code for a secure page is https://ssl.google-analytics.com/urchin.js.