See What was done to convert from http to https?
e3s Example
Under Firefox, the https://www.e3s-center.org/research/rsh-themes-proj.htm page was showing a triangle next to the URL.
Under Firefox
- Go to https://www.e3s-center.org/research/rsh-themes-proj.htm
- Tools -> Web Developer -> Toggle Tools
- In the console at the bottom, be sure that Security is enabled.
- Click on reload
- The following appears:
- Loading mixed (insecure) display content "http://www.e3s-center.org/images/research-theme1-intro-img--prelim.png" on a secure page[Learn More] rsh-themes-proj.htm
- Loading mixed (insecure) display content "http://www.e3s-center.org/images/research-theme2-pic1-cred.jpg" on a secure page[Learn More] rsh-themes-proj.htm
- Loading mixed (insecure) display content "http://www.e3s-center.org/images/research-theme3-intro-img--prelim.png" on a secure page[Learn More] rsh-themes-proj.htm
- Loading mixed (insecure) display content "http://www.e3s-center.org/images/research-theme4-pic1-cred.jpg" on a secure page[Learn More] rsh-themes-proj.htm
- Using Tools -> Web Developer -> View Source, we see that the URLs include http://www.e3s-center.org:
<div class="rshThemeIntroPic">
<img src="http://www.e3s-center.org/images/research-theme1-intro-img--prelim.png" style="border: 1px solid #aaa;" alt="tunneling FET" />
<p style="margin-top: 2.5em; padding-top: 0; font-style: italic;">
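The fix is to remove http://www.e3s-center.org from the src attribute. The remaining root-relative URL is then loaded with the same scheme as the page.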
TerraSwarm example
In Firefox, sites like https://www.terraswarm.org show a triangle with an exclamation point next to the URL.
Clicking on the triangle:
Connection Partially Encrypted
Parts of the page you are viewing were not encrypted or
the encryption is not strong enough before being transmitted over the Internet.
Information sent over the Internet without encryption
can be seen by other people while it is in transit.
Under Firefox
- Go to https://www.terraswarm.org
- Tools -> Web Developer -> Toggle Tools
- In the console at the bottom, be sure that Security is enabled.
- Click on reload
- The following appears:
- This site makes use of a SHA-1 Certificate; it's recommended you use certificates with signature algorithms that use hash functions stronger than SHA-1.[Learn More]
...
- Loading mixed (insecure) display content "http://www.terraswarm.org/favicon.ico" on a secure page[Learn More] ContentLinkHandler.jsm:167:0
There are two problems: the SHA-1 certificate and the favicon.
SHA-1
The short answer is that SHA-1 is not very secure.
https://developer.mozilla.org/en-US/docs/Security/Weak_Signature_Algorithm has a link to
https://blog.mozilla.org/security/2014/09/23/phasing-out-certificates-with-sha-1-based-signature-algorithms/ that talks about phasing out SHA-1.
https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/973/102/important-change-announcement---deprecation-of-sha-1 discusses phasing out as well.
The solution here is to get new certs, see Multi-domain SSL Certificates.
We obtained new certs, so this problem should not reoccur. If it does, contact Christopher.
favicon
A more typical failure is that the page has an absolute link to an image using http. See Why should I use URLs without the http://? for details.
In this case, the HTML that was causing the problem was created by a PHP script in ~www/php on moog.
For newer sites, edit /home/www/php/ucb/layout/html.inc.php
and change:
echo '
<link rel="shortcut icon" href="http://' . $_SERVER['SERVER_NAME'] . '/favicon.ico"/>
';
to
echo '
<link rel="shortcut icon" href="/favicon.ico"/>
';
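The View Source check from the e3s example and the favicon case can be automated. The Python script below is an added example, not code from the original page or from either site: it lists every tag that fetches a subresource over http:// and proposes the replacement, and it goes beyond the two cases above by also covering scripts, iframes and stylesheets. The sample HTML, the find_mixed_content name and the cdn.example.org host are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tag -> attribute that makes the browser fetch a subresource.
# <a href> is navigation, not a subresource, so it is deliberately absent.
FETCH_ATTR = {"img": "src", "script": "src", "iframe": "src", "embed": "src",
              "audio": "src", "video": "src", "source": "src", "link": "href"}
ACTIVE_TAGS = {"script", "iframe", "embed"}  # active mixed content; images are "display"

class MixedContentFinder(HTMLParser):
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []  # (line, tag, kind, url, suggested_url)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        url = attrs.get(FETCH_ATTR.get(tag, ""))
        parts = urlsplit(url or "")
        if parts.scheme != "http":
            return
        rel = (attrs.get("rel") or "").lower()
        if tag == "link" and "icon" not in rel and "stylesheet" not in rel:
            return  # e.g. rel="canonical" is never fetched
        kind = "active" if tag in ACTIVE_TAGS or "stylesheet" in rel else "display"
        if parts.hostname == self.page_host:
            # Same host: drop scheme and host, the fix used on this page.
            fix = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        else:
            # Assumption: the other host also serves this resource over HTTPS.
            fix = parts._replace(scheme="https").geturl()
        self.findings.append((self.getpos()[0], tag, kind, url, fix))

def find_mixed_content(html, page_host):
    finder = MixedContentFinder(page_host)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample: the <img> quoted above, a favicon link of the kind the PHP
# layout emitted, an ordinary hyperlink, and a script on a hypothetical CDN host.
SAMPLE = """<link rel="shortcut icon" href="http://www.e3s-center.org/favicon.ico"/>
<a href="http://www.e3s-center.org/research/">Research</a>
<img src="http://www.e3s-center.org/images/research-theme1-intro-img--prelim.png" alt="tunneling FET" />
<script src="http://cdn.example.org/lib.js"></script>
"""

if __name__ == "__main__":
    for line, tag, kind, url, fix in find_mixed_content(SAMPLE, "www.e3s-center.org"):
        print(f"line {line}: <{tag}> {kind} mixed content {url} -> {fix}")
```

The hyperlink on line 2 of the sample is not reported: following a link is navigation, so it does not trigger the mixed content warning.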