https connection is no longer secure according to browsers

[moonmosaic]

Hi,

 

How do I check what makes my website unsecure? I updated 4 .css files, now my website is not secured. I thought css files only affected the layout. Currently chrome is turning https red and mozilla does not have the "verified by equifax" prefix anymore.

Please help!

 

......

 

I did a bit of research and found the error's origin. One of the modules causing this with the unsecure images. I checked the .tpl files and found this:-

 

 

{if $fbtwgconnectfbbutton == "on"}

<a href="javascript:void(0)" onclick="return fblogin();" title="Facebook">

<img src="{$base_dir}modules/fbtwgconnect/img/icon/fb.png" class="width_fbtwgconnect" />

</a>

{/if}

 

I believe I need to change $base_dir but not sure to what. $base_dir_ssl or $content_dir?

 

Thank you.

[Dh42]

Prestashop should automatically switch over to ssl with that. Do you have a link to your site?

[Jonadabe]

Hi there,

 

I have the same issue, but I can't say what is creating the problem. What I see is that some links aren't https "converted". Can it be this?

I have it in the backoffice even!

[engine411]

Same problem in Chrome, and I think the same issue except a different module than yours that is loading insecure content. I have PS 1.4.6.2.

 

Did you get your issue fixed?

[indus]

I have this issue after upgrade to 1.4.8.2.

[Chunky B]

same issue on 1 4 8 2

[tecknow]

I have this issue on the domain https://www.turbopc.com.au

 

In Chrome I get the message on page call up: This page has insecure content. Learn More

 

After accepting to load the page with insecure content the URL Bar shows:

 

https://www.turbopc.com.au/

 

Also the page layout is not displaying properly, at both stages about indicating an CSS issue.

 

The Source file displays the following & is attached:

 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">

<html xmlns="en">

<head>

<title>Constance Collections</title>

<meta name="Shop powered by PrestaShop" />

<meta name="shop, prestashop" />

<meta http-equiv="application/xhtml+xml; charset=utf-8" />

<meta name="PrestaShop" />

<meta name="index,follow" />

<link rel="image/vnd.microsoft.icon" href="http://www.constancecollections.com.au/img/favicon.ico?1339397131" />

<link rel="image/x-icon" href="http://www.constancecollections.com.au/img/favicon.ico?1339397131" />

<script type="/themes/theme261/css/global.css" rel="text/css" media="/modules/blockstore/blockstore.css" rel="text/css" media="/css/jquery.autocomplete.css" rel="text/css" media="/modules/productscategory/productscategory.css" rel="text/css" media="/css/jquery.jgrowl.css" rel="text/css" media="http://fonts.googleapis.com/css?family=Lobster' rel='text/css'>

<script type="/js/jquery/jquery-1.4.4.min.js"></script>

<script type="/js/jquery/jquery.easing.1.3.js"></script>

<script type="/js/tools.js"></script>

<script type="/modules/blockcart/ajax-cart.js"></script>

<script type="/themes/theme261/js/tools/treeManagement.js"></script>

<script type="/js/jquery/jquery.autocomplete.js"></script>

<script type="/modules/productscategory/productscategory.js"></script>

<script type="/js/jquery/jquery.serialScroll-1.2.2-min.js"></script>

<script type="/js/jquery/jquery.jgrowl-1.2.1.min.js"></script>

 

The Store is running PrestaShop™ 1.4.8.2

 

The SSL Certificate is correctly set up on the server & SSL is also enabled in the Store's Admin Panels Preferences !!!

 

Any advise or suggestion here would be greatly appreciated.

[tecknow]

The SSL problem reported here, specific to the turbopc.com.au website, is now FIXED.

 

Amazingly the SSL problem was not with The Store running PrestaShop™ 1.4.8.2

 

The problem was due to an incomplete sign up process, required with the new CloudCache module, which we believe is only available for PrestaShop™ 1.4.8.2 which was installed on the Store.

 

----------------------------------------------------------------------

 

CloudCache v1.2 by PrestaShop

Supercharge your Shop with the CloudCache.com Content Delivery Network (CDN).

 

----------------------------------------------------------------------

 

This module was installed at the > Modules > Administration page by the Turbo PC Store owner.

 

However, the module requires an additional sign up process at the CloudCache server.

 

We believe that because this was not completed by the Store Owner, after installing the CloudCache module, it broke the Store's SSL as previously reported.

 

When the Store Owner installed the CloudCache module, it writes a tools.php in override/classes folder. By deleting this file the SSL worked as did the meta tags.

 

----------------------------------------------------------------------

SSL problems after upgrade to 1.4.8.2, images passing through http instead of https

 

http://forge.prestas...owse/PSCFI-5733

 

http://forge.prestas...anel#issue-tabs

 

I have fixed this issue, there was a tools.php in override/classes folder. I deleted it and now the problem has disappeared. No idea how that file got there.

 

----------------------------------------------------------------------

 

With Turbo PC here is what the 'Index Page' Source File looks like after the tools.php in override/classes folder was deleted.

 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">

<head>

<title>TurboPC </title>

<meta name="description" content="Shop powered by PrestaShop" />

<meta name="keywords" content="shop, prestashop" />

<meta http-equiv="Content-Type" content="application/xhtml+xml; charset=utf-8" />

<meta name="generator" content="PrestaShop" />

<meta name="robots" content="index,follow" />

<link rel="icon" type="image/vnd.microsoft.icon" href="https://www.turbopc.com.au/img/favicon.ico?1341227241" />

<link rel="shortcut icon" type="image/x-icon" href="https://www.turbopc.com.au/img/favicon.ico?1341227241" />

<script type="text/javascript">

var baseDir = 'https://www.turbopc.com.au/';

var static_token = 'ea3db6e46e681dcf61fe32b41ff156e5';

var token = 'f7a2a8843601695ca1252e2d198c679c';

var priceDisplayPrecision = 2;

var priceDisplayMethod = 0;

var roundMode = 2;

</script>

<link href="/themes/theme298/css/global.css" rel="stylesheet" type="text/css" media="all" />

<link href="/modules/blockstore/blockstore.css" rel="stylesheet" type="text/css" media="all" />

<link href="/css/jquery.autocomplete.css" rel="stylesheet" type="text/css" media="all" />

<link href="/css/jquery.jgrowl.css" rel="stylesheet" type="text/css" media="all" />

<link href='http://fonts.googleapis.com/css?family=Open+Sans:400,600,700' rel='stylesheet' type='text/css'>

<script type="text/javascript" src="/js/jquery/jquery-1.4.4.min.js"></script>

<script type="text/javascript" src="/js/jquery/jquery.easing.1.3.js"></script>

<script type="text/javascript" src="/js/tools.js"></script>

<script type="text/javascript" src="/modules/blockcart/ajax-cart.js"></script>

<script type="text/javascript" src="/themes/theme298/js/tools/treeManagement.js"></script>

<script type="text/javascript" src="/js/jquery/jquery.autocomplete.js"></script>

<script type="text/javascript" src="/js/jquery/jquery.jgrowl-1.2.1.min.js"></script>

 

</head>

Edited July 3, 2012 by tecknow (see edit history)